Vulnerabilities > Google > Android > 4.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-08-06 | CVE-2016-3855 | Out-of-bounds Read vulnerability in Google Android drivers/thermal/supply_lm_core.c in the Qualcomm components in Android before 2016-08-05 does not validate a certain count parameter, which allows attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR990824. | 6.8 |
| 2016-08-06 | CVE-2016-3854 | Out-of-bounds Read vulnerability in Google Android drivers/media/video/msm/msm_mctl_buf.c in the Qualcomm components in Android before 2016-08-05 does not validate the image mode, which allows attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR897326. | 6.8 |
| 2016-08-06 | CVE-2015-8944 | Information Exposure vulnerability in multiple products The ioresources_init function in kernel/resource.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices, uses weak permissions for /proc/iomem, which allows local users to obtain sensitive information by reading this file, aka Android internal bug 28814213 and Qualcomm internal bug CR786116. | 4.3 |
| 2016-08-06 | CVE-2015-8943 | Permissions, Privileges, and Access Controls vulnerability in Google Android drivers/video/msm/mdss/mdss_mdp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not verify that a mapping exists before proceeding with an unmap operation, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28815158 and Qualcomm internal bugs CR794217 and CR836226. | 6.8 |
| 2016-08-06 | CVE-2015-8942 | Permissions, Privileges, and Access Controls vulnerability in Google Android drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate the stream state, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28814652 and Qualcomm internal bug CR803246. | 9.3 |
| 2016-08-06 | CVE-2015-8941 | Permissions, Privileges, and Access Controls vulnerability in Google Android drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices does not properly validate array indexes, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28814502 and Qualcomm internal bug CR792473. | 9.3 |
| 2016-08-06 | CVE-2015-8940 | Permissions, Privileges, and Access Controls vulnerability in Google Android Integer overflow in sound/soc/msm/qdsp6v2/q6lsm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28813987 and Qualcomm internal bug CR792367. | 9.3 |
| 2016-08-06 | CVE-2015-8939 | Permissions, Privileges, and Access Controls vulnerability in Google Android drivers/video/msm/mdp4_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate r stages, g stages, or b stages data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28398884 and Qualcomm internal bug CR779021. | 9.3 |
| 2016-08-06 | CVE-2015-8938 | Permissions, Privileges, and Access Controls vulnerability in Google Android The MSM camera driver in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28804030 and Qualcomm internal bug CR766022. | 9.3 |
| 2016-08-06 | CVE-2015-8937 | Data Processing Errors vulnerability in Google Android drivers/char/diag/diagchar_core.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 6, and 7 (2013) devices mishandles a socket process, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28803962 and Qualcomm internal bug CR770548. | 6.8 |