Google: >> Android >> 7.2 Security Vulnerabilities
In all Qualcomm products with Android releases from CAF using the Linux kernel, in function msm_compr_ioctl_shared, variable "ddp->params_length" could be accessed and modified by multiple threads, while it is not protected with locks. If one thread is running, while another thread is setting data, race conditions will happen. If "ddp->params_length" is set to a big number, a buffer overflow will occur.
CVSS Score
7.8
EPSS Score
0.0
Published
2017-09-21
In all Qualcomm products with Android releases from CAF using the Linux kernel, due to an off-by-one error in a camera driver, an out-of-bounds read/write can occur.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-09-21
In all Qualcomm products with Android releases from CAF using the Linux kernel, user-level permissions can be used to gain access to kernel memory, specifically the ION cache maintenance code is writing to a user supplied address.
CVSS Score
7.8
EPSS Score
0.0
Published
2017-09-21
In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to wrong data type of size, allocation size gets truncated which makes allocation succeed when it should fail.
CVSS Score
7.8
EPSS Score
0.002
Published
2017-09-21
A information disclosure vulnerability in the N/A memory subsystem. Product: Android. Versions: Android kernel. Android ID: A-35764946.
CVSS Score
5.5
EPSS Score
0.001
Published
2017-09-08
A elevation of privilege vulnerability in the Upstream kernel scsi driver. Product: Android. Versions: Android kernel. Android ID: A-35644812.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-09-08
In all Qualcomm products with Android releases from CAF using the Linux kernel, in function __mdss_fb_copy_destscaler_data(), variable ds_data[i].scale may still point to a user-provided address (which could point to arbitrary kernel address), so on an error condition, this user-provided address will be freed (arbitrary free), and continued operation could result in use after free condition.
CVSS Score
9.8
EPSS Score
0.002
Published
2017-08-18
In all Qualcomm products with Android releases from CAF using the Linux kernel, in a video driver, memory corruption can potentially occur due to lack of bounds checking in a memcpy().
CVSS Score
7.8
EPSS Score
0.001
Published
2017-08-18
In all Qualcomm products with Android releases from CAF using the Linux kernel, if a userspace string is not NULL-terminated, kernel memory contents can leak to system logs.
CVSS Score
7.5
EPSS Score
0.001
Published
2017-08-18
In all Qualcomm products with Android releases from CAF using the Linux kernel, if a pointer argument coming from userspace is invalid, a driver may use an uninitialized structure to log an error message.
CVSS Score
7.5
EPSS Score
0.001
Published
2017-08-18