Vulnerabilities > Google > Android > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-04-03 CVE-2017-15853 Out-of-bounds Read vulnerability in Google Android
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while processing PTT commands, ptt_sock_send_msg_to_app() is invoked without validating the packet length.
network
low complexity
google CWE-125
5.3
2018-04-03 CVE-2017-15837 Out-of-bounds Read vulnerability in Google Android
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a policy for the packet pattern attribute NL80211_PKTPAT_OFFSET is not defined, which can lead to a buffer over-read in nla_get_u32().
network
low complexity
google CWE-125
5.3
2018-03-30 CVE-2017-9693 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
The length of the attribute value for STA_EXT_CAPABILITY in __wlan_hdd_change_station in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-06-06 being less than the actual length of StaParams.extn_capability results in a read of extra bytes when a memcpy is done from params->ext_capab to StaParams.extn_capability using sizeof(StaParams.extn_capability).
local
low complexity
google CWE-119
5.5
2018-03-30 CVE-2017-9691 Race Condition vulnerability in Google Android
There is a race condition in Android for MSM, Firefox OS for MSM, and QRD Android that allows access to already freed memory in the debug message output functionality contained within the mobicore driver.
local
high complexity
google CWE-362
4.7
2018-03-30 CVE-2017-17769 Information Exposure vulnerability in Google Android
Information leakage in Android for MSM, Firefox OS for MSM, and QRD Android can occur in the audio driver.
local
low complexity
google CWE-200
5.5
2018-03-30 CVE-2017-14891 Information Exposure vulnerability in Google Android
In the KGSL driver function _gpuobj_map_useraddr() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-12, the contents of the stack can get leaked due to an uninitialized variable.
network
low complexity
google CWE-200
5.3
2018-03-30 CVE-2017-9681 Information Exposure vulnerability in Google Android
In Android before 2017-08-05 on Qualcomm MSM, Firefox OS for MSM, QRD Android, and all Android releases from CAF using the Linux kernel, if a kernel memory address is passed from userspace through the iris_vidioc_s_ext_ctrls ioctl, it will print kernel address data.
network
low complexity
google CWE-200
6.5
2018-03-16 CVE-2017-15814 Out-of-bounds Read vulnerability in Google Android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in msm_flash_subdev_do_ioctl of drivers/media/platform/msm/camera_v2/sensor/flash/msm_flash.c, there is a possible out of bounds read if flash_data.cfg_type is CFG_FLASH_INIT due to improper input validation.
local
low complexity
google CWE-125
4.4
2018-03-12 CVE-2017-6288 Out-of-bounds Read vulnerability in Google Android
NVIDIA libnvrm contains a possible out of bounds read due to a missing bounds check which could lead to local information disclosure.
local
low complexity
google CWE-125
5.5
2018-03-12 CVE-2017-6287 Out-of-bounds Read vulnerability in Google Android
NVIDIA libnvrm contains a possible out of bounds read due to a missing bounds check which could lead to local information disclosure.
local
low complexity
google CWE-125
5.5