Max CVSS 0 Min CVSS 0 Total Count28
IDCVSSSummaryLast (major) updatePublished
CVE-2018-5851 None
Buffer over flow can occur while processing a HTT_T2H_MSG_TYPE_TX_COMPL_IND message with an out-of-range num_msdus value in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
12-06-2018 - 16:29 12-06-2018 - 16:29
CVE-2018-5849 None
Due to a race condition in the QTEECOM driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, when more than one HLOS client loads the same TA, a Use After Free condition can occur.
12-06-2018 - 16:29 12-06-2018 - 16:29
CVE-2018-5848 None
In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS
12-06-2018 - 16:29 12-06-2018 - 16:29
CVE-2018-5847 None
Early or late retirement of rotation requests can result in a Use After Free condition in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
12-06-2018 - 16:29 12-06-2018 - 16:29
CVE-2018-5844 None
In the video driver function set_output_buffers(), binfo can be accessed after being freed in a failure scenario in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
12-06-2018 - 16:29 12-06-2018 - 16:29
CVE-2018-5843 None
In the function wma_pdev_div_info_evt_handler() in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, there is no upper bound check on the value event->num_chains_valid received from firmware whic
12-06-2018 - 16:29 12-06-2018 - 16:29
CVE-2018-5842 None
An arbitrary address write can occur if a compromised WLAN firmware sends incorrect data to WLAN driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
12-06-2018 - 16:29 12-06-2018 - 16:29
CVE-2018-3582 None
Buffer overflow can occur due to improper input validation in multiple WMA event handler functions in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
12-06-2018 - 16:29 12-06-2018 - 16:29
CVE-2018-3581 None
In the WLAN driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a buffer overwrite can occur if the vdev_id received from firmware is larger than max_bssid.
12-06-2018 - 16:29 12-06-2018 - 16:29
CVE-2018-3579 None
In the WLAN driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, event->num_entries_in_page is a value received from firmware that is not properly validated which can lead to a buffer over
12-06-2018 - 16:29 12-06-2018 - 16:29
CVE-2018-3576 None
improper validation of array index in WiFi driver function sapInterferenceRssiCount() leads to array out-of-bounds access in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
12-06-2018 - 16:29 12-06-2018 - 16:29
CVE-2018-3572 None
While processing a DSP buffer in an audio driver's event handler, an index of a buffer is not checked before accessing the buffer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
12-06-2018 - 16:29 12-06-2018 - 16:29
CVE-2018-3571 None
In the KGSL driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a Use After Free condition can occur when printing information about sparse memory allocations
12-06-2018 - 16:29 12-06-2018 - 16:29
CVE-2017-18070 None
In wma_ndp_end_response_event_handler(), the variable len_end_rsp is a uint32 which can be overflowed if the value of variable "event->num_ndp_end_rsp_per_ndi_list" is very large which can then lead to a heap overwrite of the heap object end_rsp in a
12-06-2018 - 16:29 12-06-2018 - 16:29
CVE-2017-15857 None
In the camera driver, an out-of-bounds access can occur due to an error in copying region params from user space in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
12-06-2018 - 16:29 12-06-2018 - 16:29
CVE-2017-15854 None
The value of fix_param->num_chans is received from firmware and if it is too large, an integer overflow can occur in wma_radio_chan_stats_event_handler() for the derived length len leading to a subsequent buffer overflow in all Android releases from
12-06-2018 - 16:29 12-06-2018 - 16:29
CVE-2017-15843 None
Due to a race condition in a bus driver, a double free in msm_bus_floor_vote_context() can potentially occur in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
12-06-2018 - 16:29 12-06-2018 - 16:29
CVE-2017-15842 None
Buffer might get used after it gets freed due to unlocking the mutex before freeing the buffer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
12-06-2018 - 16:29 12-06-2018 - 16:29
CVE-2018-5850 None
In the function csr_update_fils_params_rso(), insufficient validation on a key length can result in an integer underflow leading to a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux
06-06-2018 - 17:29 06-06-2018 - 17:29
CVE-2018-5846 None
A Use After Free condition can occur in the IPA driver whenever the IPA IOCTLs IPA_IOC_NOTIFY_WAN_UPSTREAM_ROUTE_ADD/IPA_IOC_NOTIFY_WAN_UPSTREAM_ROUTE_DEL/IPA_IOC_NOTIFY_WAN_EMBMS_CONNECTED are called in all Android releases from CAF (Android for MSM
06-06-2018 - 17:29 06-06-2018 - 17:29
CVE-2018-5845 None
A race condition in drm_atomic_nonblocking_commit() in the display driver can potentially lead to a Use After Free scenario in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
06-06-2018 - 17:29 06-06-2018 - 17:29
CVE-2018-5841 None
dcc_curr_list is initialized with a default invalid value that is expected to be programmed by the user through a sysfs node which could lead to an invalid access in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) usi
06-06-2018 - 17:29 06-06-2018 - 17:29
CVE-2018-5840 None
Buffer Copy without Checking Size of Input can occur during the DRM SDE driver initialization sequence in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
06-06-2018 - 17:29 06-06-2018 - 17:29
CVE-2018-3580 None
Stack-based buffer overflow can occur In the WLAN driver if the pmkid_count value is larger than the PMKIDCache size in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
06-06-2018 - 17:29 06-06-2018 - 17:29
CVE-2018-3578 None
Type mismatch for ie_len can cause the WLAN driver to allocate less memory on the heap due to implicit casting leading to a heap buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kerne
06-06-2018 - 17:29 06-06-2018 - 17:29
CVE-2018-3565 None
While sending a probe request indication in lim_send_sme_probe_req_ind() in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a buffer overflow can occur.
06-06-2018 - 17:29 06-06-2018 - 17:29
CVE-2018-3562 None
Buffer over -read can occur while processing a FILS authentication frame in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
06-06-2018 - 17:29 06-06-2018 - 17:29
CVE-2017-18154 None
A crafted binder request can cause an arbitrary unmap in MediaServer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
06-06-2018 - 17:29 06-06-2018 - 17:29
Back to Top Mark selected
Back to Top