| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-15482 |
284 |
|
|
2018-08-17 |
2018-10-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for MLT application intents. The LG ID is LVE-SMP-180006. |
|
2 |
CVE-2018-14982 |
284 |
|
|
2018-08-17 |
2018-10-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Certain LG devices based on Android 6.0 through 8.1 have incorrect access control in the GNSS application. The LG ID is LVE-SMP-180004. |
|
3 |
CVE-2018-14981 |
284 |
|
|
2018-08-17 |
2018-10-31 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for SystemUI application intents. The LG ID is LVE-SMP-180005. |
|
4 |
CVE-2018-14066 |
89 |
|
Sql |
2018-07-15 |
2018-09-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phones, allows SQL injection. One consequence is that an application without the READ_SMS permission can read SMS messages. This affects Infinix X571 phones, as well as various Lenovo phones (such as the A7020) that have since been fixed by Lenovo. |
|
5 |
CVE-2018-11904 |
476 |
|
|
2018-09-19 |
2018-11-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, asynchronous callbacks received a pointer to a callers local variable. Should the caller return early (e.g., timeout), the callback will dereference an invalid pointer. |
|
6 |
CVE-2018-11903 |
787 |
|
|
2018-09-19 |
2018-11-08 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from caller function used as an array index for WMA interfaces can lead to OOB write in WLAN HOST. |
|
7 |
CVE-2018-11902 |
129 |
|
|
2018-09-19 |
2018-11-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to OOB access in WLAN HOST. |
|
8 |
CVE-2018-11898 |
125 |
|
|
2018-09-19 |
2018-11-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing start bss request from upper layer, out of bounds read occurs if ssid length is greater than maximum. |
|
9 |
CVE-2018-11897 |
125 |
|
|
2018-09-19 |
2018-11-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing diag event after associating to a network out of bounds read occurs if ssid of the network joined is greater than max limit. |
|
10 |
CVE-2018-11895 |
119 |
|
Overflow |
2018-09-19 |
2018-11-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper length check Validation in WLAN function can lead to driver writes the default rsn capabilities to the memory not allocated to the frame. |
|
11 |
CVE-2018-11894 |
190 |
|
Overflow |
2018-09-19 |
2018-11-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing preferred network offload scan results integer overflow may lead to buffer overflow when large frame length is received from FW. |
|
12 |
CVE-2018-11889 |
119 |
|
Overflow |
2018-09-19 |
2018-11-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when requesting rssi timeout, access invalid memory may occur since local variable 'context' stack data of wlan function is free. |
|
13 |
CVE-2018-11886 |
190 |
|
Overflow |
2018-09-19 |
2018-11-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check while calculating the MPDU data length will cause an integer overflow and then to buffer overflow in WLAN function. |
|
14 |
CVE-2018-11883 |
129 |
|
|
2018-09-19 |
2018-11-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, in policy mgr unit test if mode parameter in wlan function is given an out of bound value it can cause an out of bound access while accessing the PCL table. |
|
15 |
CVE-2018-11878 |
119 |
|
Overflow |
2018-09-19 |
2018-11-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, possibility of invalid memory access while processing driver command in WLAN function. |
|
16 |
CVE-2018-11869 |
119 |
|
Overflow |
2018-09-18 |
2018-11-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to buffer overflow in WMA handler. |
|
17 |
CVE-2018-11868 |
119 |
|
Overflow |
2018-09-18 |
2018-11-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to buffer overflow in nan response event handler. |
|
18 |
CVE-2018-11863 |
119 |
|
Overflow |
2018-09-18 |
2018-11-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check of input received from firmware to calculate the length of WMA roam synch buffer can lead to buffer overwrite during memcpy. |
|
19 |
CVE-2018-11860 |
119 |
|
Overflow |
2018-09-18 |
2018-11-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a potential buffer over flow could occur while processing the ndp event due to lack of check on the message length. |
|
20 |
CVE-2018-11852 |
787 |
|
|
2018-09-18 |
2018-11-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper check In the WMA API for the inputs received from the firmware and then fills the same to the host structure will lead to OOB write. |
|
21 |
CVE-2018-11851 |
787 |
|
|
2018-09-18 |
2018-11-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on input received to calculate the buffer length can lead to out of bound write to kernel stack. |
|
22 |
CVE-2018-11843 |
416 |
|
|
2018-09-18 |
2018-11-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack fo check on return value in WMA response handler can lead to potential use after free. |
|
23 |
CVE-2018-11842 |
119 |
|
Overflow |
2018-09-18 |
2018-11-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, during wlan association, driver allocates memory. In case the mem allocation fails driver does a mem free though the memory was not allocated. |
|
24 |
CVE-2018-11840 |
415 |
|
|
2018-09-18 |
2018-11-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the WLAN driver command ioctl a temporary buffer used to construct the reply message may be freed twice. |
|
25 |
CVE-2018-11836 |
119 |
|
Overflow |
2018-09-18 |
2018-11-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper length check can lead to out-of-bounds access in WLAN function. |
|
26 |
CVE-2018-11827 |
129 |
|
|
2018-09-18 |
2018-11-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper validation of array index in WMA roam synchronization handler can lead to OOB write. |
|
27 |
CVE-2018-11826 |
119 |
|
Overflow |
2018-09-18 |
2018-11-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on integer overflow while calculating memory can lead to Buffer overflow in WLAN ext scan handler. |
|
28 |
CVE-2018-11299 |
129 |
|
|
2018-09-18 |
2018-11-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when WLAN FW has not filled the vdev id correctly in stats events then WLAN host driver tries to access interface array without proper bound check which can lead to invalid memory access and as a side effect kernel panic or page fault. |
|
29 |
CVE-2018-11297 |
125 |
|
|
2018-09-18 |
2018-11-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a buffer over-read can occur In the WMA NDP event handler functions due to lack of validation of input value event_info which is received from FW. |
|
30 |
CVE-2018-11296 |
787 |
|
|
2018-09-18 |
2018-11-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a message from firmware in WLAN handler, a buffer overwrite can occur. |
|
31 |
CVE-2018-11295 |
787 |
|
|
2018-09-18 |
2018-11-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, WMA handler carries a fixed event data from the firmware to the host . If the length and anqp length from this event data exceeds the max length, an OOB write would happen. |
|
32 |
CVE-2018-11281 |
416 |
|
|
2018-09-18 |
2018-11-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while calling IPA_IOC_MDFY_RT_RULE IPA IOCTL, header entry is not checked before use. If IPA_IOC_MDFY_RT_RULE IOCTL called for header entries formerly deleted, a Use after free condition will occur. |
|
33 |
CVE-2018-11274 |
119 |
|
Overflow |
2018-09-18 |
2018-11-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, buffer overflow may occur when payload size is extremely large. |
|
34 |
CVE-2018-11262 |
787 |
|
|
2018-09-04 |
2018-10-26 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel while trying to find out total number of partition via a non zero check, there could be possibility where the 'TotalPart' could cross 'GptHeader->MaxPtCnt' and which could result in OOB write in patching GPT. |
|
35 |
CVE-2018-9516 |
787 |
|
|
2018-11-06 |
2018-12-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-71361580. |
|
36 |
CVE-2018-9515 |
264 |
|
Mem. Corr. |
2018-10-02 |
2018-11-20 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In sdcardfs_create and sdcardfs_mkdir of inode.c, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111641492 References: N/A |
|
37 |
CVE-2018-9513 |
415 |
|
Mem. Corr. |
2018-10-02 |
2018-11-20 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In copy_process of fork.c, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111081202 References: N/A |
|
38 |
CVE-2018-9503 |
125 |
|
|
2018-10-02 |
2018-11-20 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
In rfc_process_mx_message of rfc_ts_frames.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-80432928 |
|
39 |
CVE-2018-9501 |
264 |
|
Bypass |
2018-10-02 |
2018-11-20 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In the SetupWizard, there is a possible Factory Reset Protection bypass due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-110034419 |
|
40 |
CVE-2018-9455 |
125 |
|
DoS |
2018-11-06 |
2018-12-13 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
In sdpu_extract_attr_seq of sdp_utils.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78136677. |
|
41 |
CVE-2018-9448 |
125 |
|
|
2018-11-06 |
2018-12-12 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
In avct_bcb_msg_ind of avct_bcb_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-79944113. |
|
42 |
CVE-2018-9445 |
22 |
|
Dir. Trav. |
2018-11-06 |
2018-12-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In readMetadata of Utils.cpp, there is a possible path traversal bug due to a confused deputy. This could lead to local escalation of privilege when mounting a USB device with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-80436257. |
|
43 |
CVE-2018-9444 |
400 |
|
DoS Exec Code |
2018-11-06 |
2018-12-12 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
In ih264d_video_decode of ih264d_api.c there is a possible resource exhaustion due to an infinite loop. This could lead to remote temporary device denial of service (remote hang or reboot) with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android ID: A-63521984. |
|
44 |
CVE-2018-9437 |
125 |
|
DoS |
2018-11-06 |
2018-12-12 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
In getstring of ID3.cpp there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78656554. |
|
45 |
CVE-2018-9436 |
125 |
|
|
2018-11-06 |
2018-12-12 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-79164722. |
|
46 |
CVE-2018-9422 |
416 |
|
|
2018-11-06 |
2018-12-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In get_futex_key of futex.c, there is a use-after-free due to improper locking. This could lead to local escalation of privilege with no additional privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-74250718 References: Upstream kernel. |
|
47 |
CVE-2018-9363 |
190 |
|
Overflow |
2018-11-06 |
2018-12-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel. |
|
48 |
CVE-2018-9362 |
20 |
|
DoS |
2018-11-06 |
2018-12-12 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
In processMessagePart of InboundSmsHandler.java, there is a possible remote denial of service due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-72298611. |
|
49 |
CVE-2018-9361 |
125 |
|
|
2018-11-06 |
2018-12-13 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74202041. |
|
50 |
CVE-2018-9360 |
125 |
|
|
2018-11-06 |
2018-12-13 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74201143. |
