Vulnerabilities > Google > Android

DATE CVE VULNERABILITY TITLE RISK
2019-02-11 CVE-2018-12011 Use of Uninitialized Resource vulnerability in Google Android
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Uninitialized data for socket address leads to information exposure.
local
low complexity
google CWE-908
2.1
2019-02-11 CVE-2018-12010 Out-of-bounds Write vulnerability in Google Android
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Absence of length sanity check may lead to possible stack overflow resulting in memory corruption in trustzone region.
local
low complexity
google CWE-787
4.6
2019-02-11 CVE-2018-12006 Information Exposure vulnerability in Google Android
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Users with no extra privileges can potentially access leaked data due to uninitialized padding present in display function.
local
low complexity
google CWE-200
2.1
2019-02-11 CVE-2018-11962 Use After Free vulnerability in Google Android
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Use-after-free issue in heap while loading audio effects config in audio effects factory.
local
low complexity
google CWE-416
7.2
2019-01-31 CVE-2018-6241 Improper Input Validation vulnerability in Google Android
NVIDIA Tegra Gralloc module contains a vulnerability in driver in which it does not validate input parameter of the registerbuffer API, which may lead to arbitrary code execution, denial of service, or escalation of privileges.
local
low complexity
google CWE-20
7.2
2018-12-20 CVE-2018-11988 Use After Free vulnerability in Google Android
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Un-trusted pointer de-reference issue by accessing a variable which is already freed.
local
low complexity
google CWE-416
4.6
2018-12-20 CVE-2018-11987 Double Free vulnerability in Google Android
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, if there is an unlikely memory alloc failure for the secure pool in boot, it can result in wrong pointer access causing kernel panic.
local
low complexity
google CWE-415
4.6
2018-12-20 CVE-2018-11986 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possible buffer overflow in TX and RX FIFOs of microcontroller in camera subsystem used to exchange commands and messages between Micro FW and CPP driver.
local
low complexity
google CWE-119
4.6
2018-12-20 CVE-2018-11985 Integer Overflow or Wraparound vulnerability in Google Android
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, When allocating heap using user supplied size, Possible heap overflow vulnerability due to integer overflow in roundup to native pointer.
local
low complexity
google CWE-190
4.6
2018-12-20 CVE-2018-11984 Use After Free vulnerability in Google Android
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, A use after free condition and an out-of-bounds access can occur in the DIAG driver.
local
low complexity
google CWE-416
4.6