Vulnerabilities > Google > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-18 | CVE-2018-11840 | Double Free vulnerability in Google Android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the WLAN driver command ioctl a temporary buffer used to construct the reply message may be freed twice. | 7.2 |
| 2018-09-18 | CVE-2018-11836 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper length check can lead to out-of-bounds access in WLAN function. | 7.2 |
| 2018-09-18 | CVE-2018-11827 | Improper Validation of Array Index vulnerability in Google Android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper validation of array index in WMA roam synchronization handler can lead to OOB write. | 7.2 |
| 2018-09-18 | CVE-2018-11826 | Integer Overflow or Wraparound vulnerability in Google Android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on integer overflow while calculating memory can lead to Buffer overflow in WLAN ext scan handler. | 7.2 |
| 2018-09-18 | CVE-2018-11299 | Improper Validation of Array Index vulnerability in Google Android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when WLAN FW has not filled the vdev id correctly in stats events then WLAN host driver tries to access interface array without proper bound check which can lead to invalid memory access and as a side effect kernel panic or page fault. | 7.2 |
| 2018-09-18 | CVE-2018-11297 | Out-of-bounds Read vulnerability in Google Android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a buffer over-read can occur In the WMA NDP event handler functions due to lack of validation of input value event_info which is received from FW. | 7.2 |
| 2018-09-18 | CVE-2018-11296 | Out-of-bounds Write vulnerability in Google Android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a message from firmware in WLAN handler, a buffer overwrite can occur. | 7.2 |
| 2018-09-18 | CVE-2018-11295 | Out-of-bounds Write vulnerability in Google Android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, WMA handler carries a fixed event data from the firmware to the host . | 7.2 |
| 2018-09-18 | CVE-2018-11281 | Use After Free vulnerability in Google Android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while calling IPA_IOC_MDFY_RT_RULE IPA IOCTL, header entry is not checked before use. | 7.2 |
| 2018-09-18 | CVE-2018-11274 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, buffer overflow may occur when payload size is extremely large. | 7.2 |