Vulnerabilities > Google > High

DATE CVE VULNERABILITY TITLE RISK
2018-03-12 CVE-2017-6286 Out-of-bounds Write vulnerability in Google Android
NVIDIA libnvomx contains a possible out of bounds write due to a missing bounds check which could lead to local escalation of privilege.
local
low complexity
google CWE-787
7.8
2018-03-12 CVE-2017-6281 Out-of-bounds Write vulnerability in Google Android
NVIDIA libnvomx contains a possible out of bounds write due to a improper input validation which could lead to local escalation of privilege.
local
low complexity
google CWE-787
7.8
2018-03-06 CVE-2017-6296 Race Condition vulnerability in multiple products
NVIDIA TrustZone Software contains a TOCTOU issue in the DRM application which may lead to the denial of service or possible escalation of privileges.
local
high complexity
nvidia google CWE-362
7.0
2018-03-06 CVE-2017-6295 Out-of-bounds Read vulnerability in multiple products
NVIDIA TrustZone Software contains a vulnerability in the Keymaster implementation where the software reads data past the end, or before the beginning, of the intended buffer; and may lead to denial of service or information disclosure.
local
low complexity
nvidia google CWE-125
8.4
2018-03-06 CVE-2017-6282 Write-what-where Condition vulnerability in multiple products
NVIDIA Tegra kernel driver contains a vulnerability in NVMAP where an attacker has the ability to write an arbitrary value to an arbitrary location which may lead to an escalation of privileges.
local
low complexity
nvidia google CWE-123
7.8
2018-03-06 CVE-2017-6280 Out-of-bounds Read vulnerability in Google Android
NVIDIA driver contains a possible out-of-bounds read vulnerability due to a leak which may lead to information disclosure.
network
low complexity
google CWE-125
7.5
2018-02-23 CVE-2017-17767 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
In all Qualcomm products with Android releases from CAF using the Linux kernel, the IL client may free a buffer OMX Video Encoder Component and then subsequently access the already freed buffer.
local
low complexity
google CWE-119
7.8
2018-02-23 CVE-2017-17765 Integer Overflow or Wraparound vulnerability in Google Android
In all Qualcomm products with Android releases from CAF using the Linux kernel, multiple values received from firmware are not properly validated in wma_get_ll_stats_ext_buf() and are used to allocate the sizes of buffers and may be vulnerable to integer overflow leading to buffer overflow.
local
low complexity
google CWE-190
7.8
2018-02-23 CVE-2017-17764 Integer Overflow or Wraparound vulnerability in Google Android
In all Qualcomm products with Android releases from CAF using the Linux kernel, the num_failure_info value from firmware is not properly validated in wma_rx_aggr_failure_event_handler() so that an integer overflow vulnerability in a buffer size calculation may potentially lead to a buffer overflow.
local
low complexity
google CWE-190
7.8
2018-02-23 CVE-2017-15862 Integer Overflow or Wraparound vulnerability in Google Android
In all Qualcomm products with Android releases from CAF using the Linux kernel, in wma_unified_link_radio_stats_event_handler(), the number of radio channels coming from firmware is not properly validated, potentially leading to an integer overflow vulnerability followed by a buffer overflow.
local
low complexity
google CWE-190
7.8