VARIoT IoT vulnerabilities database
| VAR-201804-0070 | CVE-2015-9165 | plural Qualcomm Run on product Android Double release vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 808, and SD 810, incorrect error handling could lead to a double free in QTEE file service API. plural Qualcomm Run on product Android Contains a double release vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Google Android is prone to multiple unspecified security vulnerabilities.
Little is known about these issues or its effects at this time. We will update this BID as more information emerges. Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). Qualcomm IPQ4019 and so on are the central processing unit (CPU) products of Qualcomm (Qualcomm) applied to different platforms. A double free vulnerability exists in the QTEE file service API of the Qualcomm closed source component in Android versions prior to 2018-04-05, which is caused by incorrect error handling. A remote attacker could exploit this vulnerability to gain access
| VAR-201804-0103 | CVE-2015-9110 | plural Qualcomm Run on product Android Input validation vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, no address argument validation is performed on calls to the qsee_get_secure_state syscall. plural Qualcomm Run on product Android Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Google Android is prone to multiple unspecified security vulnerabilities.
Little is known about these issues or its effects at this time. We will update this BID as more information emerges. Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). Qualcomm SD 425, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm). The vulnerability stems from the fact that the program does not verify the 'address' parameter when calling qsee_get_secure_state syscall. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements
| VAR-201804-0107 | CVE-2015-9114 | plural Qualcomm Run on product Android In NULL Pointer dereference vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, lack of address argument validation in qsee_query_counter syscall could lead to untrusted pointer dereference. plural Qualcomm Run on product Android Is NULL A vulnerability related to pointer dereference exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Google Android is prone to multiple unspecified security vulnerabilities.
Little is known about these issues or its effects at this time. We will update this BID as more information emerges. Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). Qualcomm SD 425, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm). The vulnerability stems from the lack of verification of the 'address' parameter in the program. A remote attacker could exploit this vulnerability to backreference an untrusted pointer. The following products (used in automotive and mobile devices) are affected: Qualcomm SD 425; SD 430; SD 450; SD 625; SD 650/52; SD 820; SD 820A
| VAR-201804-0101 | CVE-2015-9108 | plural Qualcomm Run on product Android Input validation vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, no address argument validation performed on calls to a QSEE syscall may lead to arbitrary read/write or NULL Pointer exception when calling a downstream function. plural Qualcomm Run on product Android Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Google Android is prone to multiple unspecified security vulnerabilities.
Little is known about these issues or its effects at this time. We will update this BID as more information emerges. Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). Qualcomm MDM9625, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm) applied to different platforms. The vulnerability stems from the fact that the program does not verify the 'address' parameter when calling the QSEE syscall. An attacker could exploit this vulnerability to perform arbitrary read/write operations or cause a null pointer exception. The following products (for mobile devices and automotive) are affected: Qualcomm MDM9625; Qualcomm SD 425; Qualcomm SD 430; Qualcomm SD 450; Qualcomm SD 625; Qualcomm SD 650/52; Qualcomm SD 820; Qualcomm SD 820A
| VAR-201804-0031 | CVE-2015-9146 | plural Qualcomm Run on product Android Input validation vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, MDM9635M, MDM9645, MDM9650, MDM9655, SD 400, SD 800, SD 835, SD 845, SD 850, and SDX20, when QDI read, write, or ioctl are called, the passed-in pointer is not properly validated before accessing it for the delayed response. plural Qualcomm Run on product Android Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Google Android is prone to multiple unspecified security vulnerabilities.
Little is known about these issues or its effects at this time. We will update this BID as more information emerges. Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). Qualcomm MDM9625, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm) applied to different platforms. There is an input validation vulnerability in Qualcomm closed-source components in versions prior to Android 2018-04-05. The vulnerability stems from the fact that the program does not properly validate the incoming pointer before accessing it. A remote attacker could exploit this vulnerability to gain access. The following products (for mobile devices) are affected: Qualcomm MDM9625; MDM9635M; MDM9645; MDM9650; MDM9655; SD 400; SD 800; SD 835; SD 845; SD 850;
| VAR-201804-0102 | CVE-2015-9109 | plural Qualcomm Run on product Android In NULL Pointer dereference vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, lack of address argument validation inqsee_fuse_write could lead to untrusted pointer dereference. plural Qualcomm Run on product Android Is NULL A vulnerability related to pointer dereference exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Google Android is prone to multiple unspecified security vulnerabilities.
Little is known about these issues or its effects at this time. We will update this BID as more information emerges. Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). Qualcomm MDM9625, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm) applied to different platforms. The vulnerability is due to the lack of verification of the 'address' parameter in the program. A remote attacker could exploit this vulnerability to backreference an untrusted pointer
| VAR-201804-0109 | CVE-2015-9116 | plural Qualcomm Run on product Android Input validation vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 810, SD 820, and SD 820A, in a QTEE syscall handler, an untrusted pointer dereference can occur. plural Qualcomm Run on product Android Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Google Android is prone to multiple unspecified security vulnerabilities.
Little is known about these issues or its effects at this time. We will update this BID as more information emerges. Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). Qualcomm MDM9625, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm) applied to different platforms. An input validation vulnerability exists in Qualcomm closed-source components in versions prior to Android 2018-04-05. A remote attacker could exploit this vulnerability to backreference an untrusted pointer
| VAR-201804-0032 | CVE-2015-9147 | plural Qualcomm Run on product Android Input validation vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, MDM9635M, SD 400, and SD 800, userspace-provided pointer arguments are not validated. plural Qualcomm Run on product Android Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Google Android is prone to multiple unspecified security vulnerabilities.
Little is known about these issues or its effects at this time. We will update this BID as more information emerges. Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). Qualcomm MDM9625, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm) applied to different platforms. There is an input validation vulnerability in Qualcomm closed-source components in versions prior to Android 2018-04-05. The vulnerability stems from the fact that the program does not verify the pointer parameters provided by the user. A remote attacker could exploit this vulnerability to gain access. The following products (used in mobile devices) are affected: Qualcomm MDM9625; MDM9635M; SD 400; SD 800
| VAR-201804-0044 | CVE-2015-9151 | plural Qualcomm Run on product Android Input validation vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, MDM9635M, SD 400, and SD 800, userspace-provided pointer arguments are not validated. plural Qualcomm Run on product Android Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Google Android is prone to multiple unspecified security vulnerabilities.
Little is known about these issues or its effects at this time. We will update this BID as more information emerges. Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). Qualcomm MDM9625, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm) applied to different platforms. There is an input validation vulnerability in Qualcomm closed-source components in Android versions before 2018-04-05. The vulnerability stems from the fact that the program does not verify the pointer parameters provided by the user space. An attacker could exploit this vulnerability to gain access. The following products (used in mobile devices) are affected: Qualcomm MDM9625; MDM9635M; SD 400; SD 800
| VAR-201804-0175 | CVE-2015-9223 | plural Qualcomm Run on product Android Buffer error vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, SD 400, SD 600, and SD 800, a buffer overflow can occur when processing an audio buffer. plural Qualcomm Run on product Android Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Google Android is prone to multiple unspecified security vulnerabilities.
Little is known about these issues or its effects at this time. We will update this BID as more information emerges. Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). Qualcomm MDM9615 and others are central processing unit (CPU) products of Qualcomm (Qualcomm). There is a buffer overflow vulnerability in Qualcomm closed-source components in Android versions prior to 2018-04-05. A remote attacker could exploit this to execute arbitrary code on the system by using the audio buffer. The following products (for mobile devices) are affected: Qualcomm MDM9615; MDM9625; MDM9635M; SD 400; SD 600; SD 800
| VAR-201804-0073 | CVE-2015-9177 | plural Qualcomm Run on product Android Buffer error vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, in a crypto API function, a buffer over-read can occur. plural Qualcomm Run on product Android Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Google Android is prone to multiple unspecified security vulnerabilities.
Little is known about these issues or its effects at this time. We will update this BID as more information emerges. Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). Qualcomm MDM9206, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm) applied to different platforms. There is a buffer error vulnerability in the crypto API function of the Qualcomm closed-source component in Android versions before 2018-04-05. A remote attacker could exploit this vulnerability to obtain sensitive information by sending a specially crafted request (buffer out-of-bounds read)
| VAR-201804-0064 | CVE-2015-9159 | plural Qualcomm Run on product Android Buffer error vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, lack of input validation OEMCrypto_GetRandom can cause potential buffer overflow. plural Qualcomm Run on product Android Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Google Android is prone to multiple unspecified security vulnerabilities.
Little is known about these issues or its effects at this time. We will update this BID as more information emerges. Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). Qualcomm MDM9206, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm) applied to different platforms. There is a buffer overflow vulnerability in Qualcomm closed-source components in versions prior to Android 2018-04-05. The vulnerability stems from the fact that the program does not perform input validation. A remote attacker could exploit this vulnerability to execute arbitrary code on the system
| VAR-201804-0300 | CVE-2014-9987 | plural Qualcomm Run on product Android Buffer error vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, a buffer over-read can occur in a DRM API. plural Qualcomm Run on product Android Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Google Android is prone to multiple unspecified security vulnerabilities.
Little is known about these issues or its effects at this time. We will update this BID as more information emerges. Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). DRM API is one of the Digital Rights Management APIs (Application Programming Interface). Qualcomm MDM9206, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm) applied to different platforms. The DRM API in Android versions prior to 2018-04-05 has a buffer out-of-bounds read vulnerability. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements
| VAR-201804-0051 | CVE-2015-9199 | plural Qualcomm Run on product Android Buffer error vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile IPQ4019, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 800, SD 808, SD 810, SD 820, and SD 820A, A non-secure region check is done while registering QSEE buffer address which is passed by HLOS but not while logging in the QSEE buffer, so corruption of dynamically protected secure region can occur if the non-secure buffer is changed between the time it's checked and when it's used. plural Qualcomm Run on product Android Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Google Android is prone to multiple unspecified security vulnerabilities.
Little is known about these issues or its effects at this time. We will update this BID as more information emerges. Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). Qualcomm IPQ4019 and so on are the central processing unit (CPU) products of Qualcomm (Qualcomm) applied to different platforms. A buffer error vulnerability exists in Qualcomm closed-source components in versions prior to Android 2018-04-05. A remote attacker could exploit this vulnerability to compromise a dynamically protected security zone. The following products (for automotive and mobile devices) are affected: Qualcomm IPQ4019; MDM9625; MDM9635M; MDM9640; MDM9650; MDM9655; SD 210; SD 212; SD 205; ; SD 800; SD 808; SD 810; SD 820; SD 820A
| VAR-201804-0010 | CVE-2015-9190 | plural Qualcomm Run on product Android Integer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 600, SD 615/16/SD 415, SD 808, and SD 810, if start_addr + size is too large in boot_clobber_check_local_address_range(), an integer overflow occurs, resulting in clobber protection check being bypassed and SBL memory corruption. plural Qualcomm Run on product Android Contains an integer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Google Android is prone to multiple unspecified security vulnerabilities.
Little is known about these issues or its effects at this time. We will update this BID as more information emerges. Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). Qualcomm IPQ4019 and so on are the central processing unit (CPU) products of Qualcomm (Qualcomm) applied to different platforms. An integer overflow vulnerability exists in Qualcomm closed-source components in Android versions prior to 2018-04-05. A remote attacker can exploit this vulnerability by sending a specially crafted value to bypass security protection detection and cause SBL memory corruption. The following products (used in mobile devices and watches) are affected: Qualcomm IPQ4019; MDM9206; MDM9607; MDM9615; MDM9625; MDM9635M; MSM8909W; /16; SD 415; SD 808; SD 810
| VAR-201804-0047 | CVE-2015-9156 | plural Qualcomm Run on product Android Buffer error vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 800, SD 808, and SD 810, when making a high speed Dual Carrier Downlink Data call in a multicell environment, a buffer overflow may occur. plural Qualcomm Run on product Android Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Google Android is prone to multiple unspecified security vulnerabilities.
Little is known about these issues or its effects at this time. We will update this BID as more information emerges. Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). Qualcomm MDM9206, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm) applied to different platforms. There is a buffer overflow vulnerability in Qualcomm closed-source components in Android versions prior to 2018-04-05. A remote attacker could exploit this vulnerability to execute arbitrary code on the system by sending a specially crafted request. The following products (for mobile devices and watches) are affected: Qualcomm MDM9206; MDM9607; MDM9635M; MSM8909W; SD 210; SD 212; SD 205; SD 400; SD 410/12; SD 425; SD 415; SD 617; SD 800; SD 808; SD 810
| VAR-201804-0015 | CVE-2015-9195 | plural Qualcomm Run on product Android Buffer error vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, MDM9635M, MDM9650, MDM9655, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 808, SD 810, and SDX20, in a QTEE syscall handler, HLOS can cause a buffer overflow to occur. plural Qualcomm Run on product Android Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Google Android is prone to multiple unspecified security vulnerabilities.
Little is known about these issues or its effects at this time. We will update this BID as more information emerges. Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). QTEE syscall handler is one of the QTEE system call handlers. Qualcomm MDM9206, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm) applied to different platforms. There is a buffer overflow vulnerability in the QTEE syscall handler of the Qualcomm closed-source component in Android versions before 2018-04-05. A remote attacker could exploit this vulnerability to execute arbitrary code on the system
| VAR-201804-0041 | CVE-2015-9174 | plural Qualcomm Run on product Android Buffer error vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 410/12, SD 617, SD 650/52, SD 800, SD 808, and SD 810, lack of validation of the return value prior to using for buffer allocation in QSEE application, TQS, may result in memory overwrite. plural Qualcomm Run on product Android Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Google Android is prone to multiple unspecified security vulnerabilities.
Little is known about these issues or its effects at this time. We will update this BID as more information emerges. Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). Qualcomm SD 410, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm). There is a buffer error vulnerability in Qualcomm closed-source components in versions before Android 2018-04-05. The vulnerability is caused by the program not validating the return value before allocating the buffer. A remote attacker could exploit this vulnerability to overwrite memory. The following products (for mobile devices) are affected: Qualcomm SD 410/12; SD 617; SD 650/52; SD 800; SD 808; SD 810
| VAR-201804-0040 | CVE-2015-9173 | plural Qualcomm Run on product Android Buffer error vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 410/12, SD 617, SD 650/52, SD 800, SD 808, and SD 810, missing of return value check in memscpy can cause memory corruption in TQS App. plural Qualcomm Run on product Android Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Google Android is prone to multiple unspecified security vulnerabilities.
Little is known about these issues or its effects at this time. We will update this BID as more information emerges. Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). Qualcomm SD 410, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm). There is a buffer error vulnerability in Qualcomm closed-source components in versions before Android 2018-04-05. The vulnerability is caused by the fact that the memscpy function does not detect the return value. A remote attacker could exploit this vulnerability to cause a denial of service (memory corruption)
| VAR-201804-0544 | CVE-2017-18130 | plural Qualcomm Run on product Android Buffer error vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 820, SD 820A, SD 835, SD 845, while playing an ASF file, a buffer over-read can potentially occur. plural Qualcomm Run on product Android Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Google Android is prone to multiple unspecified security vulnerabilities.
Little is known about these issues or its effects at this time. We will update this BID as more information emerges. Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). Qualcomm MDM9206, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm) applied to different platforms. The Qualcomm closed-source component in Android versions before 2018-04-05 has a buffer out-of-bounds read vulnerability. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements