Vulnerabilities > Google

DATE CVE VULNERABILITY TITLE RISK
2017-10-10 CVE-2017-9686 Double Free vulnerability in Google Android 8.0
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possible double free/use after free in the SPS driver when debugfs logging is used.
local
low complexity
google CWE-415
4.6
2017-10-10 CVE-2017-9683 Integer Overflow or Wraparound vulnerability in Google Android 8.0
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing a meta image, an integer overflow can occur, if user-defined image offset and size values are too large.
local
low complexity
google CWE-190
7.2
2017-10-10 CVE-2017-11067 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android 8.0
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the Athdiag procfs entry does not have a proper address sanity check which may potentially lead to the use of an out-of-range pointer offset.
local
low complexity
google CWE-119
4.6
2017-10-10 CVE-2017-11064 Out-of-bounds Read vulnerability in Google Android 8.0
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed during processing of ACA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_PASSPOINT_LIST and QCA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_LIST cfg80211 vendor commands in __wlan_hdd_cfg80211_set_passpoint_list and hdd_extscan_passpoint_fill_network_list function respectively.
network
low complexity
google CWE-125
5.0
2017-10-10 CVE-2017-11063 NULL Pointer Dereference vulnerability in Google Android 8.0
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, as a result of a race condition between two userspace processes that interact with the driver concurrently, a null pointer dereference can potentially occur.
network
google CWE-476
4.3
2017-10-10 CVE-2017-11062 Out-of-bounds Read vulnerability in Google Android 8.0
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, currently attributes are not validated in __wlan_hdd_cfg80211_do_acs which can potentially lead to a buffer overread.
network
low complexity
google CWE-125
5.0
2017-10-10 CVE-2017-11061 Out-of-bounds Read vulnerability in Google Android 8.0
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing cfg80211 vendor sub command QCA_NL80211_VENDOR_SUBCMD_ROAM, a buffer over-read can occur.
network
low complexity
google CWE-125
5.0
2017-10-10 CVE-2017-11060 Out-of-bounds Read vulnerability in Google Android 8.0
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed during processing of ACA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_PASSPOINT_LIST and QCA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_LIST cfg80211 vendor commands in __wlan_hdd_cfg80211_set_passpoint_list and hdd_extscan_passpoint_fill_network_list function respectively.
network
low complexity
google CWE-125
5.0
2017-10-10 CVE-2017-11059 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android 8.0
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, setting the HMAC key by different threads during SHA operations may potentially lead to a buffer overflow.
local
low complexity
google CWE-119
4.6
2017-10-10 CVE-2017-11057 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android 8.0
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in compatibility mode, flash_data from 64-bit userspace may cause disclosure of kernel memory or a fault due to using a userspace-provided address.
local
low complexity
google CWE-119
4.6