Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-06-13 CVE-2017-7366 Improper Input Validation vulnerability in Google Android
In all Android releases from CAF using the Linux kernel, a KGSL ioctl was not validating all of its parameters.
local
low complexity
google CWE-20
5.5
5.5
2017-06-13 CVE-2016-10337 Improper Input Validation vulnerability in Google Android
In all Android releases from CAF using the Linux kernel, some validation of secure applications was not being performed.
local
low complexity
google CWE-20
5.5
5.5
2017-06-13 CVE-2016-10336 7PK - Security Features vulnerability in Google Android
In all Android releases from CAF using the Linux kernel, some regions of memory were not protected during boot.
local
low complexity
google CWE-254
5.5
5.5
2017-06-13 CVE-2016-10335 Improper Access Control vulnerability in Google Android
In all Android releases from CAF using the Linux kernel, libtomcrypt was updated.
local
low complexity
google CWE-284
5.5
5.5
2017-06-13 CVE-2016-10334 Improper Access Control vulnerability in Google Android
In all Android releases from CAF using the Linux kernel, a dynamically-protected DDR region could potentially get overwritten.
local
low complexity
google CWE-284
5.5
5.5
2017-06-13 CVE-2016-10333 Improper Access Control vulnerability in Google Android
In all Android releases from CAF using the Linux kernel, a sensitive system call was allowed to be called by HLOS.
local
low complexity
google CWE-284
5.5
5.5
2017-06-13 CVE-2016-10332 7PK - Security Features vulnerability in Google Android
In all Android releases from CAF using the Linux kernel, stack protection was not enabled for secure applications.
local
low complexity
google CWE-254
5.5
5.5
2017-06-13 CVE-2015-9024 Improper Access Control vulnerability in Google Android
In all Android releases from CAF using the Linux kernel, some interfaces were improperly exposed to QTEE applications.
local
low complexity
google CWE-284
5.5
5.5
2017-06-13 CVE-2015-9021 Improper Access Control vulnerability in Google Android
In all Android releases from CAF using the Linux kernel, access control to SMEM memory was not enabled.
local
low complexity
google CWE-284
5.5
5.5
2017-06-13 CVE-2017-9605 Information Exposure vulnerability in Linux Kernel
The vmw_gb_surface_define_ioctl function (accessible via DRM_IOCTL_VMW_GB_SURFACE_CREATE) in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.11.4 defines a backup_handle variable but does not give it an initial value.
local
low complexity
linux CWE-200
5.5
5.5