Android Security Vulnerabilities
The aboot implementation in the Qualcomm components in Android before 2016-07-05 on Nexus 6P devices omits the recovery PIN feature, which has unspecified impact and attack vectors, aka Android internal bug 28822677 and Qualcomm internal bug CR804067.
7.8CVSS
7.5AI Score
0.001EPSS
platform/msm_shared/partition_parser.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate certain GUID Partition Table (GPT) data, which allows attackers to bypass intended access restrictions via a crafted MultiMediaCard (MMC), aka Android int...
7.8CVSS
7.3AI Score
0.001EPSS
Multiple integer overflows in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to bypass intended access restrictions via a crafted image, aka Android internal bug 28842418 and Qualcomm internal bug CR813930.
7.8CVSS
7.3AI Score
0.001EPSS
platform/msm_shared/boot_verifier.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to bypass intended access restrictions via a digest with trailing data, aka Android internal bug 28822807 and Qualcomm internal bug CR902998.
7.8CVSS
7.3AI Score
0.001EPSS
app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to cause a denial of service (OS outage or buffer over-read) via a crafted application, aka Android internal bug 28822690 and Qualcomm internal bug CR822275.
5.5CVSS
5.8AI Score
0.001EPSS
drivers/char/diag/diagchar_core.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 6, and 7 (2013) devices mishandles a socket process, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28803962 and Qualcomm internal bug CR770548.
7.8CVSS
7.5AI Score
0.001EPSS
The MSM camera driver in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28804030 and Qualcomm internal bug CR766022.
7.8CVSS
7.5AI Score
0.001EPSS
drivers/video/msm/mdp4_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate r stages, g stages, or b stages data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28398884 and Qualcomm internal bug CR...
7.8CVSS
7.5AI Score
0.001EPSS
Integer overflow in sound/soc/msm/qdsp6v2/q6lsm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28813987 and Qualcomm internal bug CR792367.
7.8CVSS
7.6AI Score
0.001EPSS
drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices does not properly validate array indexes, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28814502 and Qu...
7.8CVSS
7.5AI Score
0.001EPSS
drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate the stream state, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28814652 and Qualcomm internal bug CR...
7.8CVSS
7.5AI Score
0.001EPSS
drivers/video/msm/mdss/mdss_mdp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not verify that a mapping exists before proceeding with an unmap operation, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28815158 a...
7.8CVSS
7.6AI Score
0.001EPSS
The ioresources_init function in kernel/resource.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices, uses weak permissions for /proc/iomem, which allows local users to obtain sensitive information by reading this file, aka Android internal bug 28...
5.5CVSS
4.8AI Score
0.001EPSS
Multiple use-after-free vulnerabilities in sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm sound driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 30142668 and Qualcomm int...
7.8CVSS
8.2AI Score
0.001EPSS
arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving events that are mishandled during a span of multiple HW PMUs.
7.3CVSS
7.5AI Score
0.0004EPSS
The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket.
6.1CVSS
6.6AI Score
0.0004EPSS
arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access.
7.8CVSS
8AI Score
0.001EPSS
In TrustZone an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel.
7.8CVSS
7.6AI Score
0.001EPSS
In TrustZone a time-of-check time-of-use race condition could potentially exist in a QFPROM routine in all Android releases from CAF using the Linux kernel.
7CVSS
6.7AI Score
0.001EPSS
In TrustZone a time-of-check time-of-use race condition could potentially exist in a listener routine in all Android releases from CAF using the Linux kernel.
7CVSS
6.7AI Score
0.001EPSS
In TrustZone an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel.
7.8CVSS
7.6AI Score
0.001EPSS
In TrustZone a buffer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel while loading an ELF file.
7.8CVSS
7.5AI Score
0.001EPSS
In TrustZone an untrusted pointer dereference vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel.
7.8CVSS
7.4AI Score
0.001EPSS
In TrustZone an information exposure vulnerability can potentially occur in all Android releases from CAF using the Linux kernel.
5.5CVSS
5.5AI Score
0.001EPSS
In TrustZone an out-of-range pointer offset vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel.
7.8CVSS
7.4AI Score
0.001EPSS
In TrustZone a cryptographic issue can potentially occur in all Android releases from CAF using the Linux kernel.
7.8CVSS
7.4AI Score
0.001EPSS
kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions.
7.8CVSS
7.2AI Score
0.001EPSS
In TrustZone in all Android releases from CAF using the Linux kernel, an Integer Overflow to Buffer Overflow vulnerability could potentially exist.
7.8CVSS
7.2AI Score
0.001EPSS
In Resource Power Manager (RPM) in all Android releases from CAF using the Linux kernel, an Improper Access Control vulnerability could potentially exist.
7.8CVSS
7.2AI Score
0.001EPSS
In TrustZone in all Android releases from CAF using the Linux kernel, a Double Free vulnerability could potentially exist.
7.8CVSS
7.2AI Score
0.001EPSS
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384689.
9.8CVSS
8.8AI Score
0.003EPSS
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393600.
9.8CVSS
8.8AI Score
0.003EPSS
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393101.
9.8CVSS
8.8AI Score
0.003EPSS
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714882.
9.8CVSS
8.8AI Score
0.003EPSS
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384691.
9.8CVSS
8.8AI Score
0.003EPSS
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393251.
9.8CVSS
8.8AI Score
0.003EPSS
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393750.
9.8CVSS
8.8AI Score
0.003EPSS
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714120.
7.8CVSS
7.6AI Score
0.001EPSS
In blk_mq_tag_to_rq in blk-mq.c in the upstream kernel, there is a possible use after free due to a race condition when a request has been previously freed by blk_mq_complete_request. This could lead to local escalation of privilege. Product: Android. Versions: Android kernel. Android ID: A-6308304...
7CVSS
7.7AI Score
0.0004EPSS
In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in the unlocking of memory.
7.8CVSS
7.5AI Score
0.001EPSS
In all Android releases from CAF using the Linux kernel, access control to SMEM memory was not enabled.
5.5CVSS
5.8AI Score
0.001EPSS
In all Android releases from CAF using the Linux kernel, time-of-check Time-of-use (TOCTOU) Race Conditions exist in several TZ APIs.
7CVSS
6.9AI Score
0.001EPSS
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the PlayReady API.
7.8CVSS
7.7AI Score
0.001EPSS
In all Android releases from CAF using the Linux kernel, some interfaces were improperly exposed to QTEE applications.
5.5CVSS
5.5AI Score
0.001EPSS
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a QTEE application.
7.8CVSS
7.7AI Score
0.001EPSS
In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM.
7.8CVSS
7.4AI Score
0.001EPSS
In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM.
7.8CVSS
7.4AI Score
0.001EPSS
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a cryptographic routine.
7.8CVSS
7.7AI Score
0.001EPSS
In all Android releases from CAF using the Linux kernel, a vulnerability exists in the access control settings of modem memory.
7.8CVSS
7.4AI Score
0.001EPSS
In all Android releases from CAF using the Linux kernel, the Hypervisor API could be misused to bypass authentication.
7.8CVSS
7.5AI Score
0.001EPSS