Vulnerabilities > Google > Android

DATE CVE VULNERABILITY TITLE RISK
2018-03-16 CVE-2017-18051 Out-of-bounds Read vulnerability in Google Android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for event->vdev_id in wma_rcpi_event_handler(), which is received from firmware, leads to potential out of bounds memory read.
network
low complexity
google CWE-125
7.5
2018-03-16 CVE-2017-18050 Out-of-bounds Read vulnerability in Google Android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev_map in wma_tbttoffset_update_event_handler(), which is received from firmware, leads to potential buffer overwrite and out of bounds memory read.
local
low complexity
google CWE-125
7.8
2018-03-16 CVE-2017-15834 Race Condition vulnerability in Google Android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, race condition in diag_dbgfs_read_dcistats(), while accessing diag_dbgfs_dci_data_index, causes potential heap overflow.
local
high complexity
google CWE-362
7.0
2018-03-16 CVE-2017-15833 NULL Pointer Dereference vulnerability in Google Android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, untrusted pointer dereference in update_userspace_power() function in power leads to information exposure.
local
low complexity
google CWE-476
7.8
2018-03-16 CVE-2017-15831 Integer Overflow or Wraparound vulnerability in Google Android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the function wma_ndp_end_indication_event_handler(), there is no input validation check on a event_info value coming from firmware, which can cause an integer overflow and then leads to potential heap overwrite.
local
low complexity
google CWE-190
7.8
2018-03-16 CVE-2017-15830 Improper Validation of Array Index vulnerability in Google Android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper ch_list array index initialization in function sme_set_plm_request() causes potential buffer overflow.
local
low complexity
google CWE-129
7.8
2018-03-16 CVE-2017-15814 Out-of-bounds Read vulnerability in Google Android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in msm_flash_subdev_do_ioctl of drivers/media/platform/msm/camera_v2/sensor/flash/msm_flash.c, there is a possible out of bounds read if flash_data.cfg_type is CFG_FLASH_INIT due to improper input validation.
local
low complexity
google CWE-125
4.4
2018-03-16 CVE-2017-14889 Improper Validation of Array Index vulnerability in Google Android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to the lack of a range check on the array index into the WMI descriptor pool, arbitrary address execution may potentially occur in the process mgmt completion handler.
local
low complexity
google CWE-129
7.8
2018-03-16 CVE-2017-14887 Integer Overflow or Wraparound vulnerability in Google Android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the processing of messages of type eWNI_SME_MODIFY_ADDITIONAL_IES, an integer overflow leading to heap buffer overflow may potentially occur.
local
low complexity
google CWE-190
7.8
2018-03-16 CVE-2017-11082 Race Condition vulnerability in Google Android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in a firmware loading routine, a buffer overflow could potentially occur if multiple user space threads try to update the WLAN firmware file through sysfs.
local
high complexity
google CWE-362
7.0