Google: >> Android >> 14.0 Security Vulnerabilities
In an audio driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a function is called with a very large length, an integer overflow could occur followed by a heap buffer overflow.
CVSS Score
7.0
EPSS Score
0.001
Published
2017-08-16
In a display driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a variable controlled by userspace is used to calculate offsets and sizes for copy operations, which could result in heap overflow.
CVSS Score
8.8
EPSS Score
0.002
Published
2017-08-16
When a control related to codec is issued from userspace in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, the type casting is done to the container structure instead of the codec's individual structure, resulting in a device restart after kernel crash occurs.
CVSS Score
7.0
EPSS Score
0.001
Published
2017-08-16
In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, several sanity checks are missing which can lead to out-of-bounds accesses.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-08-16
In an audio driver function in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, some parameters are from userspace, and if they are set to a large value, integer overflow is possible followed by buffer overflow. In another function, a missing check for a lower bound may result in an out of bounds memory access.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-08-16
In a sound driver in Android for MSM, Firefox OS for MSM, QRD Android, some variables are from userspace and values can be chosen that could result in stack overflow.
CVSS Score
7.0
EPSS Score
0.001
Published
2017-08-16
In the touch controller function in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a variable may be controlled by the user and can lead to a buffer overflow.
CVSS Score
8.8
EPSS Score
0.003
Published
2017-08-16
A buffer overflow can occur in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android when processing a firmware image file.
CVSS Score
7.8
EPSS Score
0.0
Published
2017-08-16
In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android, when an ad-hoc connection is made between two systems for the purpose of sharing files, the password for this ad-hoc connection will be stored in a user-readable location. An attacker with read access to the user's contents could connect to the Connect2 hotspot and see the contents of files while they are being transferred between the two systems.
CVSS Score
4.8
EPSS Score
0.001
Published
2017-07-17
In all Android releases from CAF using the Linux kernel, libtomcrypt was updated.
CVSS Score
5.5
EPSS Score
0.001
Published
2017-06-13