
CVSS: 9.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to a wrong data type for the size, the allocation size gets truncated, which makes the allocation succeed when it should fail.

A flaw was found where the kernel truncated the value used to indicate the size of a buffer which it would later become zero using an untruncated value. This can corrupt memory outside of the original allocation.

• http://www.securityfocus.com/bid/100658
• https://access.redhat.com/errata/RHSA-2018:0676
• https://access.redhat.com/errata/RHSA-2018:1062
• https://access.redhat.com/errata/RHSA-2018:1130
• https://access.redhat.com/errata/RHSA-2018:1170
• https://source.android.com/security/bulletin/2017-09-01
• https://access.redhat.com/security/cve/CVE-2017-9725
• https://bugzilla.redhat.com/show_bug.cgi?id=1489088
• CWE-681: Incorrect Conversion between Numeric Types
• CWE-682: Incorrect Calculation

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function msm_compr_ioctl_shared, the variable "ddp->params_length" can be accessed and modified by multiple threads while it is not protected by locks. If one thread is running while another thread is setting data, race conditions will happen. If "ddp->params_length" is set to a big number, a buffer overflow will occur.

• http://www.securityfocus.com/bid/100658
• https://source.android.com/security/bulletin/2017-09-01
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

In all Qualcomm products with Android releases from CAF using the Linux kernel, due to an off-by-one error in a camera driver, an out-of-bounds read/write can occur.

• http://www.securityfocus.com/bid/100658
• https://source.android.com/security/bulletin/2017-09-01
• CWE-193: Off-by-one Error

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

In all Qualcomm products with Android releases from CAF using the Linux kernel, using a debugfs node, a write to a PCIe register can cause corruption of kernel memory.

• http://www.securityfocus.com/bid/100658
• https://source.android.com/security/bulletin/2017-09-01
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function msm_dba_register_client, if the client registration failed, the client would be freed. However, the client was not removed from the list. A use-after-free would occur the next time the list was traversed.

• http://www.securityfocus.com/bid/100658
• https://source.android.com/security/bulletin/2017-09-01
• CWE-416: Use After Free