The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or

The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit

In function msm_pcm_playback_close() in all Android releases from CAF using the Linux kernel, prtd is assigned substream->runtime->private_data. Later, prtd is freed. However, prtd is not sanitized and set to NULL, resulting in a dangling pointer. Th

Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write reque

In all Qualcomm products with Android releases from CAF using the Linux kernel, when accessing the sde_rotator debug interface for register reading with multiple processes, one process can free the debug buffer while another process still has the deb

Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue.

A userspace process can cause a Denial of Service in the camera driver in all Qualcomm products with Android releases from CAF using the Linux kernel.

In the service locator in all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow can occur as the variable set for determining the size of the buffer is not used to indicate the size of the buffer.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a kernel fault can occur when doing certain operations on a read-only virtual address in userspace.

The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted system calls or possibly (2) IPv4 traffic with invali

In all Qualcomm products with Android releases from CAF using the Linux kernel, array out of bounds access can occur if userspace sends more than 16 multicast addresses.

In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel memory can potentially be overwritten if an invalid master is sent from userspace.

In all Qualcomm products with Android releases from CAF using the Linux kernel, the camera application can possibly request frame/command buffer processing with invalid values leading to the driver performing a heap buffer over-read.

In all Qualcomm products with Android releases from CAF using the Linux kernel, in a camera driver ioctl, a kernel overwrite can potentially occur.

A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36592202.

A remote code execution vulnerability in the Android libraries. Product: Android. Versions: 4.4.4. Android ID: A-34514762.

A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34231163.

A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-35195787. References: B-RB#120532.

A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36491278.

A elevation of privilege vulnerability in the Android system ui. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-33123882.

A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37478824.

A denial of service vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37094889.

A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36035074.

A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37207120.

A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34896431.

A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37008096.

A elevation of privilege vulnerability in the Upstream Linux tcb. Product: Android. Versions: Android kernel. Android ID: A-34951864.

A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35584425.

An elevation of privilege vulnerability in the NVIDIA Libnvparser component due to a memcpy into a fixed sized buffer with a user-controlled size could lead to a memory corruption and possible remote code execution. This issue is rated as High. Produ

A elevation of privilege vulnerability in the Android system ui. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-33059280.

A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37285689.

A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36725407.

A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-33974623.

A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-34973477. References: B-RB#119898.

A elevation of privilege vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35421151.

A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36991414.

A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37093318.

A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37239013.

A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36576151.

A elevation of privilege vulnerability in the MediaTek networking driver. Product: Android. Versions: Android kernel. Android ID: A-36099953. References: M-ALPS03206781.

A denial of service vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36215950.

A denial of service vulnerability in the Android framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36104177.

A remote code execution vulnerability in the Android system ui. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-35639138.

A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36588422.

A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36993291.

A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34779227.

A denial of service vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36724453.

A denial of service vulnerability in the Android libraries. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-34778578.

A remote code execution vulnerability in the Android system ui. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-36621442.

A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36996978.

A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34231231.

A elevation of privilege vulnerability in the HTC led driver. Product: Android. Versions: Android kernel. Android ID: A-36088467.

A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34203195.

A remote code execution vulnerability in the Android system ui. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-36385715.

A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37208566.

A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36591008.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a UE can respond to a UEInformationRequest before Access Stratum security is established.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing.

In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts causes an instruction inside of an assert to not be executed resulting in incorrect control flow.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in an Inter-RAT procedure.

In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts can potentially cause a NULL pointer dereference during an out-of-memory condition.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in RFA-1x.

In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send IMEI or IMEISV to the network on a network request before NAS security has been activated.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing.

In all Qualcomm products with Android releases from CAF using the Linux kernel, an overflow check in the USB interface was insufficient during boot.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a procedure involving a remote UIM client.

In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a handover scenario.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a use-after-free vulnerability exists in IMS RCS.

In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send unprotected MeasurementReports revealing UE location.

In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send unprotected MeasurementReports revealing UE location.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a driver can potentially leak kernel memory.

In all Qualcomm products with Android releases from CAF using the Linux kernel, when downloading a file, an excessive amount of memory may be consumed.

In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a WLAN driver ioctl.

In all Qualcomm products with Android releases from CAF using the Linux kernel, an array index out of bounds vulnerability exists in LPP.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in HSDPA.

In all Qualcomm products with Android releases from CAF using the Linux kernel, the validation of filesystem access was insufficient.

Userspace-controlled non null terminated parameter for IPA WAN ioctl in all Qualcomm products with Android releases from CAF using the Linux kernel can lead to exposure of kernel memory.

In all Qualcomm products with Android releases from CAF using the Linux kernel, due to a type downcast, a value may improperly pass validation and cause an out of bounds write later.

An information disclosure vulnerability in the NVIDIA Video Driver due to an out-of-bounds read function in the Tegra Display Controller driver could result in possible information disclosure. This issue is rated as Moderate. Product: Android. Versio

In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer lengths is missing in malware protection.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GNSS when performing a scan after bootup.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on the size of a frequency list.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in the processing of lost RTP packets.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in the processing of certain responses from the USIM.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists where an array out of bounds access can occur during a CA call.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on a length in a System Information message.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached while processing a downlink message.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the processing of certain responses from the USIM.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer can be dereferenced during GAL decoding.

In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a memory management routine.

In all Qualcomm products with Android releases from CAF using the Linux kernel, playReady DRM failed to check a length potentially leading to unauthorized access to secure memory.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not properly validated in a QTEE system call.

In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow to buffer overflow vulnerability exists when loading an ELF file.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a memory buffer fails to be freed after it is no longer needed potentially resulting in memory exhaustion.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a string can fail to be null-terminated in SIP leading to a buffer overflow.

In all Qualcomm products with Android releases from CAF using the Linux kernel, an incorrect length is used to clear a memory buffer resulting in adjacent memory getting corrupted.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read may occur in the processing of a downlink 3G NAS message.

In all Qualcomm products with Android releases from CAF using the Linux kernel, in some memory allocation and free functions, a race condition can potentially occur leading to a Use After Free condition.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists when performing WCDMA radio tuning.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on the size of a frequency list.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GERAN where a buffer can be overflown while taking power measurements.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists when processing a QMI message.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer can be dereferenced upon the expiry of a timer.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer may be dereferenced in the front end.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in eMBMS where an assertion can be reached by a sequence of downlink messages.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in a GERAN API.

In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in boot.

In all Qualcomm products with Android releases from CAF using the Linux kernel, an audio client pointer is dereferenced before being checked if it is valid.

In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow to buffer overflow vulnerability exists when loading an image file.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in digital television/digital radio DRM.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not validated prior to being dereferenced potentially resulting in Guest-OS memory corruption.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a rollback vulnerability potentially exists in Full Disk Encryption.

In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of a buffer length was missing in a PlayReady DRM routine.

In all Qualcomm products with Android releases from CAF using the Linux kernel, the GPS client may use an insecure cryptographic algorithm.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the UIMDIAG interface.

In all Qualcomm products with Android releases from CAF using the Linux kernel, the length in an HCI command is not properly checked for validity.

In all Qualcomm products with Android releases from CAF using the Linux kernel, there is no size check for the images being flashed onto the NAND memory in their respective partitions, so there is a possibility of writing beyond the intended partitio

In all Qualcomm products with Android releases from CAF using the Linux kernel, a configuration vulnerability exists when loading a 3rd-party QTEE application.

In all Qualcomm products with Android releases from CAF using the Linux kernel, there is a TOCTOU race condition in Secure UI.

In all Qualcomm products with Android releases from CAF using the Linux kernel, access control to the I2C bus is not sufficient.

In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in the hypervisor.

In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in LTE.

In all Qualcomm products with Android releases from CAF using the Linux kernel, an argument to a hypervisor function is not properly validated.

In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in rollback protection.

In all Qualcomm products with Android releases from CAF using the Linux kernel, the Secure File System can become corrupted.

In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall.

In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall.

In all Qualcomm products with Android releases from CAF using the Linux kernel, sSL handshake failure with ClientHello rejection results in memory leak.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a potential compiler optimization of memset() is addressed.

In all Qualcomm products with Android releases from CAF using the Linux kernel, an argument to a mink syscall is not properly validated.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver which can lead to a double free.

In all Qualcomm products with Android releases from CAF using the Linux kernel, in a driver function, a value from userspace is not properly validated potentially leading to an out of bounds heap write.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a driver potentially leading to a use-after-free condition.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in an IOCTL handler potentially leading to an integer overflow and then an out-of-bounds write.

In all Qualcomm products with Android releases from CAF using the Linux kernel, arguments to several QTEE syscalls are not properly validated.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a Sample App failed to check a length potentially leading to unauthorized access to secure memory.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in PlayReady DRM.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a QTEE service.

In all Qualcomm products with Android releases from CAF using the Linux kernel, a variable is uninitialized in a TrustZone system call potentially leading to the compromise of secure memory.

In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer lengths was missing in Keymaster.

In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration.

A buffer overflow can occur in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android when processing a firmware image file.

In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, several sanity checks are missing which can lead to out-of-bounds accesses.

Out of bound memory write can happen in the MDSS Rotator driver in all Qualcomm products with Android releases from CAF using the Linux kernel by an unsanitized userspace-controlled parameter.

In all Qualcomm products with Android release from CAF using the Linux kernel, while processing fastboot boot command when verified boot feature is disabled, with length greater than boot image buffer, a buffer overflow can occur.

An array out-of-bounds access in all Qualcomm products with Android releases from CAF using the Linux kernel can potentially occur in a camera driver.

The UDF filesystem implementation in the Linux kernel before 3.18.2 does not ensure that space is available for storing a symlink target's name along with a trailing \0 character, which allows local users to obtain sensitive information via a crafted

A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote

A information disclosure vulnerability in the HTC sound driver. Product: Android. Versions: Android kernel. Android ID: A-35384879.

A information disclosure vulnerability in the HTC sensor hub driver. Product: Android. Versions: Android kernel. Android ID: A-35468048.

A information disclosure vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36490809.

A information disclosure vulnerability in the Android framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34114752.

A information disclosure vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35467458.

A information disclosure vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-22011579.