| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A time-of-check time-of-use race condition could potentially exist in the secure file system in all Android releases from CAF using the Linux kernel. |
| An elevation of privilege vulnerability in the MediaTek touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-30202412. References: M-ALPS02897901. |
| An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-32952839. References: QC-CR#1094105. |
| An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28175647. References: M-ALPS02696475. |
| An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-33939045. References: M-ALPS03149189. |
| A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37662122. |
| A elevation of privilege vulnerability in the Android media framework (libmediaplayerservice). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38234812. |
| A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38115076. |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, the validation of filesystem access was insufficient. |
| A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37615911. |
| In all Android releases from CAF using the Linux kernel, stack protection was not enabled for secure applications. |
| In all Android releases from CAF using the Linux kernel, libtomcrypt was updated. |
| In all Android releases from CAF using the Linux kernel, some regions of memory were not protected during boot. |
| In all Android releases from CAF using the Linux kernel, some validation of secure applications was not being performed. |
| In all Android releases from CAF using the Linux kernel, there was an issue related to RPMB processing. |
| In all Android releases from CAF using the Linux kernel, HLOS can overwite secure memory or read contents of the keystore. |
| In all Android releases from CAF using the Linux kernel, 3rd party TEEs have more privilege than intended. |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in LTE. |
| A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62673844. |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, access control to the I2C bus is not sufficient. |