| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
251 |
CVE-2017-9719 |
119 |
|
Overflow |
2017-11-16 |
2017-12-01 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the kernel driver MDSS, a buffer overflow can occur in HDMI CEC parsing if frame size is out of range. |
|
252 |
CVE-2017-9718 |
119 |
|
Overflow |
2017-12-05 |
2017-12-15 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in a multimedia driver can potentially lead to a buffer overwrite. |
|
253 |
CVE-2017-9717 |
119 |
|
Overflow |
2017-10-10 |
2017-10-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while parsing Netlink attributes, a buffer overread can occur. |
|
254 |
CVE-2017-9716 |
264 |
|
|
2017-12-05 |
2017-12-20 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the qbt1000 driver implements an alternative channel for usermode applications to talk to QSEE applications. |
|
255 |
CVE-2017-9715 |
119 |
|
Overflow |
2017-10-10 |
2017-10-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a vendor command, a buffer over-read can occur. |
|
256 |
CVE-2017-9714 |
119 |
|
Overflow |
2017-10-10 |
2017-10-19 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an out of bound memory access may happen in limCheckRxRSNIeMatch in case incorrect RSNIE is received from the client in assoc request. |
|
257 |
CVE-2017-9712 |
119 |
|
Overflow |
2018-01-10 |
2018-01-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, if userspace provides a too-large IE length in wlan_hdd_cfg80211_set_ie, a buffer over-read occurs. |
|
258 |
CVE-2017-9710 |
119 |
|
Overflow |
2017-12-05 |
2017-12-15 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, IOCTL interface to send QMI NOTIFY REQ messages can be called from multiple contexts which can result in buffer overflow of msg cache. |
|
259 |
CVE-2017-9709 |
264 |
|
|
2017-12-05 |
2017-12-15 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a privilege escalation vulnerability exists in telephony. |
|
260 |
CVE-2017-9708 |
362 |
|
|
2017-12-05 |
2017-12-15 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the camera driver, the function "msm_ois_power_down" is called without a mutex and a race condition can occur in variable "*reg_ptr" of sub function "msm_camera_config_single_vreg". |
|
261 |
CVE-2017-9706 |
119 |
|
Overflow |
2017-10-10 |
2017-10-19 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an array out-of-bounds access can potentially occur in a display driver. |
|
262 |
CVE-2017-9705 |
415 |
|
|
2018-01-10 |
2018-01-26 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, concurrent rx notifications and read() operations in the G-Link PKT driver can result in a double free condition due to missing locking resulting in list_del() and list_add() overlapping and corrupting the next and previous pointers. |
|
263 |
CVE-2017-9703 |
416 |
|
|
2017-12-05 |
2017-12-15 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in a Camera driver can lead to a Use After Free condition. |
|
264 |
CVE-2017-9702 |
264 |
|
|
2017-11-16 |
2017-12-01 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a user-space pointer is directly accessed in a camera driver. |
|
265 |
CVE-2017-9701 |
200 |
|
+Info |
2017-11-16 |
2017-12-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing OEM unlock/unlock-go fastboot commands data leak may occur, resulting from writing uninitialized stack structure to non-volatile memory. |
|
266 |
CVE-2017-9700 |
119 |
|
Overflow |
2017-12-05 |
2017-12-15 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer overwrite is possible in fw_name_store if image name is 64 characters. |
|
267 |
CVE-2017-9698 |
119 |
|
Overflow |
2017-12-05 |
2017-12-15 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improperly specified offset/size values for a submission command could cause a math operation to overflow and could result in an access to arbitrary memory. The combined pointer will overflow and possibly pass further checks intended to avoid accessing unintended memory. |
|
268 |
CVE-2017-9697 |
362 |
|
|
2017-10-10 |
2017-10-19 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while reading command registration table entries in diag_dbgfs_read_table. |
|
269 |
CVE-2017-9696 |
200 |
|
+Info |
2017-11-16 |
2017-12-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer over-read is possible in camera driver function msm_isp_stop_stats_stream. Variable stream_cfg_cmd->num_streams is from userspace, and it is not checked against "MSM_ISP_STATS_MAX". |
|
270 |
CVE-2017-9690 |
119 |
|
Overflow |
2017-11-16 |
2017-11-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a qbt1000 ioctl handler, an incorrect buffer size check has an integer overflow vulnerability potentially leading to a buffer overflow. |
|
271 |
CVE-2017-9689 |
119 |
|
Overflow Mem. Corr. |
2018-01-10 |
2018-01-26 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a specially-crafted HDMI CEC message can be used to cause stack memory corruption. |
|
272 |
CVE-2017-9687 |
415 |
|
|
2017-10-10 |
2017-10-19 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, two concurrent threads/processes can write the value of "0" to the debugfs file that controls ipa ipc log which will lead to the double-free in ipc_log_context_destroy(). Another issue is the Use-After-Free which can happen due to the race condition when the ipc log is deallocated via the debugfs call during a log print. |
|
273 |
CVE-2017-9686 |
415 |
|
|
2017-10-10 |
2017-10-19 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possible double free/use after free in the SPS driver when debugfs logging is used. |
|
274 |
CVE-2017-9685 |
416 |
|
|
2017-08-18 |
2017-08-26 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a WLAN driver can lead to a Use After Free condition. |
|
275 |
CVE-2017-9684 |
416 |
|
|
2017-08-18 |
2017-08-21 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a USB driver can lead to a Use After Free condition. |
|
276 |
CVE-2017-9683 |
190 |
|
Overflow |
2017-10-10 |
2017-10-19 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing a meta image, an integer overflow can occur, if user-defined image offset and size values are too large. |
|
277 |
CVE-2017-9682 |
362 |
|
|
2017-08-18 |
2017-08-21 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition. |
|
278 |
CVE-2017-9681 |
200 |
|
+Info |
2018-03-30 |
2018-04-20 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
In Android before 2017-08-05 on Qualcomm MSM, Firefox OS for MSM, QRD Android, and all Android releases from CAF using the Linux kernel, if kernel memory address is passed from userspace through iris_vidioc_s_ext_ctrls ioctl, it will print kernel address data. A user could set it to an arbitrary kernel address, hence information disclosure (for kernel) could occur. |
|
279 |
CVE-2017-9680 |
200 |
|
+Info |
2017-08-18 |
2017-08-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, if a pointer argument coming from userspace is invalid, a driver may use an uninitialized structure to log an error message. |
|
280 |
CVE-2017-9679 |
200 |
|
+Info |
2017-08-18 |
2017-08-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, if a userspace string is not NULL-terminated, kernel memory contents can leak to system logs. |
|
281 |
CVE-2017-9678 |
119 |
|
Overflow Mem. Corr. |
2017-08-18 |
2017-08-21 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, in a video driver, memory corruption can potentially occur due to lack of bounds checking in a memcpy(). |
|
282 |
CVE-2017-9677 |
264 |
|
Overflow |
2017-09-21 |
2017-09-26 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, in function msm_compr_ioctl_shared, variable "ddp->params_length" could be accessed and modified by multiple threads, while it is not protected with locks. If one thread is running, while another thread is setting data, race conditions will happen. If "ddp->params_length" is set to a big number, a buffer overflow will occur. |
|
283 |
CVE-2017-9676 |
416 |
|
|
2017-09-21 |
2017-09-26 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, potential use after free scenarios and race conditions can occur when accessing global static variables without using a lock. |
|
284 |
CVE-2017-8281 |
362 |
|
|
2017-09-21 |
2017-12-05 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while querying event status via DCI. |
|
285 |
CVE-2017-8280 |
119 |
|
Overflow |
2017-09-21 |
2017-09-26 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, during the wlan calibration data store and retrieve operation, there are some potential race conditions which lead to a memory leak and a buffer overflow during the context switch. |
|
286 |
CVE-2017-8279 |
200 |
|
+Info |
2017-11-16 |
2017-11-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, missing race condition protection while updating msg mask table can lead to buffer over-read. Also access to freed memory can happen while updating msg_mask information. |
|
287 |
CVE-2017-8278 |
264 |
|
Overflow |
2017-09-21 |
2017-09-26 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, while reading audio data from an unspecified driver, a buffer overflow or integer overflow could occur. |
|
288 |
CVE-2017-8277 |
264 |
|
|
2017-09-21 |
2017-09-26 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function msm_dba_register_client, if the client registers failed, it would be freed. However the client was not removed from list. Use-after-free would occur when traversing the list next time. |
|
289 |
CVE-2017-8273 |
119 |
|
Overflow |
2017-08-11 |
2017-08-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In all Qualcomm products with Android release from CAF using the Linux kernel, while processing fastboot boot command when verified boot feature is disabled, with length greater than boot image buffer, a buffer overflow can occur. |
|
290 |
CVE-2017-8272 |
787 |
|
|
2017-08-18 |
2017-08-22 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, in a driver function, a value from userspace is not properly validated potentially leading to an out of bounds heap write. |
|
291 |
CVE-2017-8271 |
787 |
|
|
2017-08-11 |
2017-08-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Out of bound memory write can happen in the MDSS Rotator driver in all Qualcomm products with Android releases from CAF using the Linux kernel by an unsanitized userspace-controlled parameter. |
|
292 |
CVE-2017-8270 |
416 |
|
|
2017-08-18 |
2017-08-22 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a driver potentially leading to a use-after-free condition. |
|
293 |
CVE-2017-8269 |
200 |
|
+Info |
2017-08-11 |
2018-04-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Userspace-controlled non null terminated parameter for IPA WAN ioctl in all Qualcomm products with Android releases from CAF using the Linux kernel can lead to exposure of kernel memory. |
|
294 |
CVE-2017-8268 |
119 |
|
Overflow |
2017-08-18 |
2017-08-22 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, the camera application can possibly request frame/command buffer processing with invalid values leading to the driver performing a heap buffer over-read. |
|
295 |
CVE-2017-8267 |
190 |
|
Overflow |
2017-08-18 |
2017-08-22 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in an IOCTL handler potentially leading to an integer overflow and then an out-of-bounds write. |
|
296 |
CVE-2017-8266 |
416 |
|
|
2017-08-18 |
2017-08-22 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition. |
|
297 |
CVE-2017-8265 |
415 |
|
|
2017-08-18 |
2017-08-22 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver which can lead to a double free. |
|
298 |
CVE-2017-8264 |
264 |
|
DoS |
2017-08-11 |
2017-08-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A userspace process can cause a Denial of Service in the camera driver in all Qualcomm products with Android releases from CAF using the Linux kernel. |
|
299 |
CVE-2017-8263 |
19 |
|
|
2017-08-18 |
2017-08-22 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a kernel fault can occur when doing certain operations on a read-only virtual address in userspace. |
|
300 |
CVE-2017-8262 |
416 |
|
|
2017-08-18 |
2017-08-23 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, in some memory allocation and free functions, a race condition can potentially occur leading to a Use After Free condition. |
