Vulnerabilities > Google > High

DATE CVE VULNERABILITY TITLE RISK
2018-02-23 CVE-2017-15861 Improper Validation of Array Index vulnerability in Google Android
In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function wma_roam_synch_event_handler, vdev_id is received from firmware and used to access an array without validation.
local
low complexity
google CWE-129
7.8
2018-02-23 CVE-2017-15860 Type Confusion vulnerability in Google Android
In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing an encrypted authentication management frame, a stack buffer overflow may potentially occur.
local
low complexity
google CWE-843
7.8
2018-02-23 CVE-2017-15829 Race Condition vulnerability in Google Android
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a GPU Driver which can potentially lead to a Use After Free condition.
local
high complexity
google CWE-362
7.0
2018-02-23 CVE-2017-15820 Use After Free vulnerability in Google Android
In all Qualcomm products with Android releases from CAF using the Linux kernel, in a KGSL IOCTL handler, a Use After Free Condition can potentially occur.
local
low complexity
google CWE-416
7.8
2018-02-23 CVE-2017-15817 Improper Input Validation vulnerability in Google Android
In all Qualcomm products with Android releases from CAF using the Linux kernel, when an access point sends a challenge text greater than 128 bytes, the host driver is unable to validate this potentially leading to authentication failure.
local
low complexity
google CWE-20
7.8
2018-02-23 CVE-2017-14884 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
In all Qualcomm products with Android releases from CAF using the Linux kernel, due to lack of bounds checking on the variable "data_len" from the function WLANQCMBR_McProcessMsg, a buffer overflow may potentially occur in WLANFTM_McProcessMsg.
local
low complexity
google CWE-119
7.8
2018-02-15 CVE-2017-13273 Unspecified vulnerability in Google Android
In xt_qtaguid.c, there is a race condition due to insufficient locking.
local
high complexity
google
7.0
2018-02-12 CVE-2017-13247 Missing Authorization vulnerability in Google Android
In the Pixel 2 bootloader, there is a missing permission check which bypasses carrier bootloader lock.
local
low complexity
google CWE-862
7.8
2018-02-12 CVE-2017-13246 Information Exposure vulnerability in Google Android
A information disclosure vulnerability in the Upstream kernel network driver.
network
low complexity
google CWE-200
7.5
2018-02-12 CVE-2017-13245 Unspecified vulnerability in Google Android
A elevation of privilege vulnerability in the Upstream kernel audio driver.
local
low complexity
google
7.8