| Max CVSS | 7.2 | Min CVSS | 3.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2018-11276 | 4.6 |
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, double free of memory allocation is possible in Kernel when it explicitly tries to free that memory on driver probe failure, since memory allo
|
09-11-2018 - 18:24 | 18-09-2018 - 18:29 | |
| CVE-2018-11281 | 7.2 |
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while calling IPA_IOC_MDFY_RT_RULE IPA IOCTL, header entry is not checked before use. If IPA_IOC_MDFY_RT_RULE IOCTL called for header entries
|
09-11-2018 - 17:56 | 18-09-2018 - 18:29 | |
| CVE-2018-11265 | 4.6 |
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, possible buffer overflow while incrementing the log_buf of type uint64_t in memcpy function, since the log_buf pointer can access the memory b
|
09-11-2018 - 17:55 | 18-09-2018 - 18:29 | |
| CVE-2018-11273 | 4.6 |
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, 'voice_svc_dev' is allocated as a device-managed resource. If error 'cdev_alloc_err' occurs, 'device_destroy' will free all associated resourc
|
09-11-2018 - 17:47 | 18-09-2018 - 18:29 | |
| CVE-2018-11297 | 7.2 |
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a buffer over-read can occur In the WMA NDP event handler functions due to lack of validation of input value event_info which is received from
|
09-11-2018 - 17:38 | 18-09-2018 - 18:29 | |
| CVE-2018-11298 | 4.6 |
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing SET_PASSPOINT_LIST vendor command HDD does not make sure that the realm string that gets passed by upper-layer is NULL termin
|
09-11-2018 - 17:36 | 18-09-2018 - 18:29 | |
| CVE-2018-11300 | 4.6 |
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, callback executed from the other thread has freed memory which is also used in wlan function and may result in to a "Use after free" scenario.
|
09-11-2018 - 17:35 | 18-09-2018 - 18:29 | |
| CVE-2018-11301 | 4.6 |
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on buffer length while processing debug log event from firmware can lead to an integer overflow.
|
09-11-2018 - 17:33 | 18-09-2018 - 18:29 | |
| CVE-2018-11293 | 3.3 |
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, in wma_ndp_confirm_event_handler and wma_ndp_indication_event_handler, ndp_cfg len and num_ndp_app_info is from fw. If they are not checked, i
|
09-11-2018 - 17:16 | 18-09-2018 - 18:29 | |
| CVE-2018-11295 | 7.2 |
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, WMA handler carries a fixed event data from the firmware to the host . If the length and anqp length from this event data exceeds the max leng
|
09-11-2018 - 16:30 | 18-09-2018 - 18:29 | |
| CVE-2018-11296 | 7.2 |
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a message from firmware in WLAN handler, a buffer overwrite can occur.
|
09-11-2018 - 16:19 | 18-09-2018 - 18:29 |