CVE-2016-5344
https://notcve.org/view.php?id=CVE-2016-5344
Multiple integer overflows in the MDSS driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service or possibly have unspecified other impact via a large size value, related to mdss_compat_utils.c, mdss_fb.c, and mdss_rotator.c. Múltiples desbordamientos de entero en el controlador MDSS para el kernel 3.x de Linux, tal como se utiliza en contribuciones Qualcomm Innovation Center (QuIC) Android para dispositivos MSM y otros productos, permite a atacantes provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de un valor de gran tamaño, relacionado con mdss_compat_utils.c, mdss_fb.c y mdss_rotator.c. • http://source.android.com/security/bulletin/2016-10-01.html http://www.securityfocus.com/bid/92695 https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=1d2297267c24f2c44bd0ecb244ddb8bc880a29b7 https://www.codeaurora.org/integer-overflow-mdss-driver-cve-2016-5344 • CWE-190: Integer Overflow or Wraparound •
CVE-2016-5340
https://notcve.org/view.php?id=CVE-2016-5340
The is_ashmem_file function in drivers/staging/android/ashmem.c in a certain Qualcomm Innovation Center (QuIC) Android patch for the Linux kernel 3.x mishandles pointer validation within the KGSL Linux Graphics Module, which allows attackers to bypass intended access restrictions by using the /ashmem string as the dentry name. La función is_ashmem_file en drivers/staging/android/ashmem.c en un cierto parche Qualcomm Innovation Center (QuIC) Android para el kernel de Linux 3.x no maneja adecuadamente validación de puntero dentro de KGSL Linux Graphics Module, lo que permite a atacantes eludir restricciones de acceso intencionadas usando la cadena /ashmem como el nombre dentry. • http://source.android.com/security/bulletin/2016-10-01.html http://www.securityfocus.com/bid/92374 http://www.securitytracker.com/id/1036763 https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=06e51489061e5473b4e2035c79dcf7c27a6f75a6 https://www.codeaurora.org/invalid-path-check-ashmem-memory-file-cve-2016-5340 • CWE-20: Improper Input Validation •
CVE-2016-5696 – kernel: challenge ACK counter information disclosure.
https://notcve.org/view.php?id=CVE-2016-5696
net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack. net/ipv4/tcp_input.c en el kernel de Linux en versiones anteriores a 4.7 no determina adecuadamente la tasa de segmentos de desafío ACK, lo que facilita a atacantes remotos secuestrar sesiones TCP a través de un ataque ciego en ventana. It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the changes by probing packets. An off-path attacker could use this flaw to either terminate TCP connection and/or inject payload into non-secured TCP connection between two endpoints on the network. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758 http://rhn.redhat.com/errata/RHSA-2016-1631.html http://rhn.redhat.com/errata/RHSA-2016-1632.html http://rhn.redhat.com/errata/RHSA-2016-1633.html http://rhn.redhat.com/errata/RHSA-2016-1657.html http://rhn.redhat.com/errata/RHSA-2016-1664.html http://rhn.redhat.com/errata/RHSA-2016-1814.html http://rhn.redhat.com/errata/RHSA-2016-1815.html http://rhn. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVE-2014-9868
https://notcve.org/view.php?id=CVE-2014-9868
drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via an application that provides a crafted mask value, aka Android internal bug 28749721 and Qualcomm internal bug CR511976. drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c en los componentes de Qualcomm en Android en versiones anteriores a 2016-08-05 en dispositivos Nexus 5 y 7 (2013) permite a atacantes obtener privilegios a través de una aplicación que proporciona un valor de máscara manipulado, también conocido como error interno de Android 28749721 y error interno de Qualcomm CR511976. • http://source.android.com/security/bulletin/2016-08-01.html http://www.securityfocus.com/bid/92219 https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=1f274b74c00187ba1c379971503f51944148b22f • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2015-8937
https://notcve.org/view.php?id=CVE-2015-8937
drivers/char/diag/diagchar_core.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 6, and 7 (2013) devices mishandles a socket process, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28803962 and Qualcomm internal bug CR770548. drivers/char/diag/diagchar_core.c en los componentes de Qualcomm en Android en versiones anteriores a 2016-08-05 en dispositivos Nexus 5, 6 y 7 (2013) no maneja adecuadamente un proceso de tomas, lo que permite a atacantes obtener privilegios a través de una aplicación manipulada, también conocido como error interno de Android 28803962 y error interno de Qualcomm CR770548. • http://source.android.com/security/bulletin/2016-08-01.html http://www.securityfocus.com/bid/92219 https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=c66202b9288cc4ab1c38f7c928fa1005c285c170 • CWE-19: Data Processing Errors •