| Max CVSS | 10.0 | Min CVSS | 5.8 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2018-5855 | 10.0 |
While padding or shrinking a nested wmi packet in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a buffer over-read can potentially occur.
|
03-10-2019 - 00:03 | 06-07-2018 - 19:29 | |
| CVE-2018-11826 | 7.2 |
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on integer overflow while calculating memory can lead to Buffer overflow in WLAN ext scan handler.
|
03-10-2019 - 00:03 | 18-09-2018 - 18:29 | |
| CVE-2018-11851 | 7.2 |
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on input received to calculate the buffer length can lead to out of bound write to kernel stack.
|
18-04-2019 - 13:01 | 18-09-2018 - 18:29 | |
| CVE-2018-11869 | 7.2 |
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to buffer overflow in WMA handler.
|
18-04-2019 - 13:00 | 18-09-2018 - 18:29 | |
| CVE-2018-11860 | 7.2 |
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a potential buffer over flow could occur while processing the ndp event due to lack of check on the message length.
|
18-04-2019 - 13:00 | 18-09-2018 - 18:29 | |
| CVE-2018-11878 | 7.2 |
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, possibility of invalid memory access while processing driver command in WLAN function.
|
18-04-2019 - 13:00 | 19-09-2018 - 14:29 | |
| CVE-2018-11868 | 7.2 |
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to buffer overflow in nan response event handler.
|
18-04-2019 - 13:00 | 18-09-2018 - 18:29 | |
| CVE-2018-11891 | 8.3 |
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on the length of array while accessing can lead to an out of bound read in WLAN HOST function.
|
18-04-2019 - 13:00 | 19-09-2018 - 14:29 | |
| CVE-2018-11889 | 7.2 |
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when requesting rssi timeout, access invalid memory may occur since local variable 'context' stack data of wlan function is free.
|
18-04-2019 - 13:00 | 19-09-2018 - 14:29 | |
| CVE-2018-11894 | 7.2 |
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing preferred network offload scan results integer overflow may lead to buffer overflow when large frame length is received from
|
18-04-2019 - 12:59 | 19-09-2018 - 14:29 | |
| CVE-2018-11895 | 7.2 |
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper length check Validation in WLAN function can lead to driver writes the default rsn capabilities to the memory not allocated to the fr
|
18-04-2019 - 12:59 | 19-09-2018 - 14:29 | |
| CVE-2018-11897 | 7.2 |
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing diag event after associating to a network out of bounds read occurs if ssid of the network joined is greater than max limit.
|
18-04-2019 - 12:59 | 19-09-2018 - 14:29 | |
| CVE-2018-11904 | 7.2 |
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, asynchronous callbacks received a pointer to a callers local variable. Should the caller return early (e.g., timeout), the callback will deref
|
18-04-2019 - 12:58 | 19-09-2018 - 14:29 | |
| CVE-2018-11902 | 7.2 |
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to OOB access in WLAN HOST.
|
18-04-2019 - 12:58 | 19-09-2018 - 14:29 | |
| CVE-2018-11827 | 7.2 |
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper validation of array index in WMA roam synchronization handler can lead to OOB write.
|
05-04-2019 - 07:29 | 18-09-2018 - 18:29 | |
| CVE-2018-11840 | 7.2 |
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the WLAN driver command ioctl a temporary buffer used to construct the reply message may be freed twice.
|
05-04-2019 - 07:29 | 18-09-2018 - 18:29 | |
| CVE-2018-11299 | 7.2 |
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when WLAN FW has not filled the vdev id correctly in stats events then WLAN host driver tries to access interface array without proper bound c
|
05-04-2019 - 07:29 | 18-09-2018 - 18:29 | |
| CVE-2018-11294 | 5.8 |
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, WLAN handler indication from the firmware gets the information for 4 access categories. While processing this information only the first 3 AC
|
05-04-2019 - 07:29 | 18-09-2018 - 18:29 |