| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-12633 |
362 |
|
DoS +Info |
2018-06-21 |
2018-08-21 |
6.3 |
None |
Local |
Medium |
Not required |
Complete |
None |
Complete |
|
An issue was discovered in the Linux kernel through 4.17.2. vbg_misc_device_ioctl() in drivers/virt/vboxguest/vboxguest_linux.c reads the same user data twice with copy_from_user. The header part of the user data is double-fetched, and a malicious user thread can tamper with the critical variables (hdr.size_in and hdr.size_out) in the header between the two fetches because of a race condition, leading to severe kernel errors, such as buffer over-accesses. This bug can cause a local denial of service and information leakage. |
|
2 |
CVE-2018-11508 |
200 |
|
+Info |
2018-05-28 |
2018-07-03 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex. |
|
3 |
CVE-2018-7755 |
200 |
|
Bypass +Info |
2018-03-08 |
2018-10-04 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR. |
|
4 |
CVE-2018-7754 |
534 |
|
+Info |
2018-08-10 |
2018-10-10 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux kernel through 4.16.4rc4 allows local users to obtain sensitive address information by reading "ffree: " lines in a debugfs file. |
|
5 |
CVE-2018-7273 |
200 |
|
Bypass +Info |
2018-02-20 |
2018-03-24 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function show_floppy in drivers/block/floppy.c. An attacker can read this information from dmesg and use the addresses to find the locations of kernel code and data and bypass kernel security protections such as KASLR. |
|
6 |
CVE-2018-6412 |
200 |
|
+Info |
2018-01-31 |
2018-03-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands. |
|
7 |
CVE-2018-5995 |
200 |
|
+Info |
2018-08-07 |
2018-10-10 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The pcpu_embed_first_chunk function in mm/percpu.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "pages/cpu" printk call. |
|
8 |
CVE-2018-5953 |
200 |
|
+Info |
2018-08-07 |
2018-10-10 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "software IO TLB" printk call. |
|
9 |
CVE-2018-5750 |
200 |
|
+Info |
2018-01-26 |
2018-07-12 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call. |
|
10 |
CVE-2018-1118 |
200 |
|
+Info |
2018-05-10 |
2018-09-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file. |
|
11 |
CVE-2017-1000410 |
200 |
|
Bypass +Info |
2017-12-07 |
2018-05-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. By manipulating the code flows that precede the handling of these configuration messages, an attacker can also gain some control over which data will be held in the uninitialized stack variables. This can allow him to bypass KASLR, and stack canaries protection - as both pointers and stack canaries may be leaked in this manner. Combining this vulnerability (for example) with the previously disclosed RCE vulnerability in L2CAP configuration parsing (CVE-2017-1000251) may allow an attacker to exploit the RCE against kernels which were built with the above mitigations. These are the specifics of this vulnerability: In the function l2cap_parse_conf_rsp and in the function l2cap_parse_conf_req the following variable is declared without initialization: struct l2cap_conf_efs efs; In addition, when parsing input configuration parameters in both of these functions, the switch case for handling EFS elements may skip the memcpy call that will write to the efs variable: ... case L2CAP_CONF_EFS: if (olen == sizeof(efs)) memcpy(&efs, (void *)val, olen); ... The olen in the above if is attacker controlled, and regardless of that if, in both of these functions the efs variable would eventually be added to the outgoing configuration request that is being built: l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs), (unsigned long) &efs); So by sending a configuration request, or response, that contains an L2CAP_CONF_EFS element, but with an element length that is not sizeof(efs) - the memcpy to the uninitialized efs variable can be avoided, and the uninitialized variable would be returned to the attacker (16 bytes). |
|
12 |
CVE-2017-1000380 |
200 |
|
+Info |
2017-06-17 |
2017-12-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time. |
|
13 |
CVE-2017-17864 |
200 |
|
+Info |
2017-12-27 |
2018-01-12 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentially sensitive address information, aka a "pointer leak." |
|
14 |
CVE-2017-17741 |
125 |
|
+Info |
2017-12-18 |
2018-04-24 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h. |
|
15 |
CVE-2017-17449 |
200 |
|
+Info |
2017-12-06 |
2018-05-30 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system. |
|
16 |
CVE-2017-16994 |
200 |
|
+Info |
2017-11-27 |
2018-04-24 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call. |
|
17 |
CVE-2017-16911 |
200 |
|
+Info |
2018-01-31 |
2018-08-24 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP. |
|
18 |
CVE-2017-15537 |
200 |
|
+Info |
2017-10-17 |
2018-01-12 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before 4.13.5, when a processor supports the xsave feature but not the xsaves feature, does not correctly handle attempts to set reserved bits in the xstate header via the ptrace() or rt_sigreturn() system call, allowing local users to read the FPU registers of other processes on the system, related to arch/x86/kernel/fpu/regset.c and arch/x86/kernel/fpu/signal.c. |
|
19 |
CVE-2017-14991 |
200 |
|
+Info |
2017-10-03 |
2018-08-24 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0. |
|
20 |
CVE-2017-14954 |
200 |
|
Bypass +Info |
2017-10-01 |
2017-10-06 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 accesses rusage data structures in unintended cases, which allows local users to obtain sensitive information, and bypass the KASLR protection mechanism, via a crafted system call. |
|
21 |
CVE-2017-14156 |
200 |
|
+Info |
2017-09-05 |
2018-03-15 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading locations associated with padding bytes. |
|
22 |
CVE-2017-14140 |
200 |
|
+Info |
2017-09-05 |
2018-04-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR. |
|
23 |
CVE-2017-13695 |
200 |
|
Bypass +Info |
2017-08-25 |
2018-09-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. |
|
24 |
CVE-2017-13694 |
200 |
|
Bypass +Info |
2017-08-25 |
2017-09-20 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c in the Linux kernel through 4.12.9 does not flush the node and node_ext caches and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. |
|
25 |
CVE-2017-13693 |
200 |
|
Bypass +Info |
2017-08-25 |
2017-09-20 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. |
|
26 |
CVE-2017-11472 |
284 |
|
Bypass +Info |
2017-07-20 |
2018-08-24 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. |
|
27 |
CVE-2017-10911 |
200 |
|
+Info |
2017-07-04 |
2018-09-07 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216. |
|
28 |
CVE-2017-9605 |
200 |
|
+Info |
2017-06-13 |
2017-11-03 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
The vmw_gb_surface_define_ioctl function (accessible via DRM_IOCTL_VMW_GB_SURFACE_CREATE) in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.11.4 defines a backup_handle variable but does not give it an initial value. If one attempts to create a GB surface, with a previously allocated DMA buffer to be used as a backup buffer, the backup_handle variable does not get written to and is then later returned to user space, allowing local users to obtain sensitive information from uninitialized kernel memory via a crafted ioctl call. |
|
29 |
CVE-2017-9150 |
200 |
|
+Info |
2017-05-22 |
2017-09-08 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allows local users to obtain sensitive address information via crafted bpf system calls. |
|
30 |
CVE-2017-8924 |
191 |
|
+Info |
2017-05-12 |
2017-11-03 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow. |
|
31 |
CVE-2017-7616 |
388 |
|
+Info |
2017-04-10 |
2018-06-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation. |
|
32 |
CVE-2017-7558 |
125 |
|
+Info |
2018-07-26 |
2018-09-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic information. As a result, up to 100 bytes of the slab data could be leaked to a userspace. |
|
33 |
CVE-2017-7495 |
200 |
|
+Info |
2017-05-15 |
2017-09-08 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=ordered mode is used, mishandles a needs-flushing-before-commit list, which allows local users to obtain sensitive information from other users' files in opportunistic circumstances by waiting for a hardware reset, creating a new file, making write system calls, and reading this file. |
|
34 |
CVE-2017-7277 |
125 |
|
DoS +Info |
2017-03-28 |
2017-03-31 |
6.6 |
None |
Local |
Low |
Not required |
Complete |
None |
Complete |
|
The TCP stack in the Linux kernel through 4.10.6 mishandles the SCM_TIMESTAMPING_OPT_STATS feature, which allows local users to obtain sensitive information from the kernel's internal socket data structures or cause a denial of service (out-of-bounds read) via crafted system calls, related to net/core/skbuff.c and net/socket.c. |
|
35 |
CVE-2017-5967 |
200 |
|
+Info |
2017-02-14 |
2017-03-06 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The time subsystem in the Linux kernel through 4.9.9, when CONFIG_TIMER_STATS is enabled, allows local users to discover real PID values (as distinguished from PID values inside a PID namespace) by reading the /proc/timer_list file, related to the print_timer function in kernel/time/timer_list.c and the __timer_stats_timer_set_start_info function in kernel/time/timer.c. |
|
36 |
CVE-2017-5550 |
200 |
|
+Info |
2017-02-06 |
2017-02-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Off-by-one error in the pipe_advance function in lib/iov_iter.c in the Linux kernel before 4.9.5 allows local users to obtain sensitive information from uninitialized heap-memory locations in opportunistic circumstances by reading from a pipe after an incorrect buffer-release decision. |
|
37 |
CVE-2017-5549 |
532 |
|
+Info |
2017-02-06 |
2018-08-24 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log. |
|
38 |
CVE-2017-2584 |
416 |
|
DoS +Info |
2017-01-14 |
2018-08-24 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Partial |
|
arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt. |
|
39 |
CVE-2017-0651 |
200 |
|
+Info |
2017-06-14 |
2017-07-07 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the kernel ION subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-35644815. |
|
40 |
CVE-2017-0650 |
200 |
|
+Info |
2017-06-14 |
2017-07-07 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35472278. |
|
41 |
CVE-2017-0634 |
200 |
|
+Info |
2017-05-12 |
2017-05-19 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32511682. |
|
42 |
CVE-2017-0633 |
200 |
|
+Info |
2017-05-12 |
2017-05-19 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious component to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-36000515. References: B-RB#117131. |
|
43 |
CVE-2017-0632 |
200 |
|
+Info |
2017-05-12 |
2017-05-19 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the Qualcomm sound codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-35392586. References: QC-CR#832915. |
|
44 |
CVE-2017-0631 |
200 |
|
+Info |
2017-05-12 |
2017-05-19 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399756. References: QC-CR#1093232. |
|
45 |
CVE-2017-0630 |
200 |
|
+Info |
2017-05-12 |
2017-05-19 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the kernel trace subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34277115. |
|
46 |
CVE-2017-0629 |
200 |
|
+Info |
2017-05-12 |
2017-05-19 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35214296. References: QC-CR#1086833. |
|
47 |
CVE-2017-0628 |
200 |
|
+Info |
2017-05-12 |
2017-05-19 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34230377. References: QC-CR#1086833. |
|
48 |
CVE-2017-0627 |
200 |
|
+Info |
2017-05-12 |
2018-06-15 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the kernel UVC driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33300353. |
|
49 |
CVE-2017-0626 |
200 |
|
+Info |
2017-05-12 |
2017-05-19 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35393124. References: QC-CR#1088050. |
|
50 |
CVE-2017-0624 |
200 |
|
+Info |
2017-05-12 |
2017-05-19 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34327795. References: QC-CR#2005832. |
