CVE-2017-8251
https://notcve.org/view.php?id=CVE-2017-8251
In all Qualcomm products with Android releases from CAF using the Linux kernel, in functions msm_isp_check_stream_cfg_cmd & msm_isp_stats_update_cgc_override, 'stream_cfg_cmd->num_streams' is not checked, and could overflow the array stream_cfg_cmd->stream_handle. En todos los productos Qualcomm con distribuciones Android desde CAF empleando el kernel Linux, 'stream_cfg_cmd->num_streams' no se comprueba en las funciones msm_isp_check_stream_cfg_cmd y msm_isp_stats_update_cgc_override. Esto podría provocar el desbordamiento del array stream_cfg_cmd->stream_handle. • http://www.securityfocus.com/bid/100658 https://source.android.com/security/bulletin/2017-09-01 • CWE-129: Improper Validation of Array Index •
CVE-2017-9720
https://notcve.org/view.php?id=CVE-2017-9720
In all Qualcomm products with Android releases from CAF using the Linux kernel, due to an off-by-one error in a camera driver, an out-of-bounds read/write can occur. Podría ocurrir una lectura/escritura fuera de límites en todos los productos Qualcomm con distribuciones Android desde CAF empleando el kernel Linux debido a un error por un paso (off-by-one). • http://www.securityfocus.com/bid/100658 https://source.android.com/security/bulletin/2017-09-01 • CWE-193: Off-by-one Error •
CVE-2017-9676
https://notcve.org/view.php?id=CVE-2017-9676
In all Qualcomm products with Android releases from CAF using the Linux kernel, potential use after free scenarios and race conditions can occur when accessing global static variables without using a lock. Podrían darse situaciones en las que se use memoria previamente liberada y condiciones de carrera al acceder a variables estáticas globales sin emplear un lock en todos los productos Qualcomm con distribuciones Android desde CAF empleando el kernel Linux. • http://www.securityfocus.com/bid/100658 https://source.android.com/security/bulletin/2017-09-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVE-2017-11001
https://notcve.org/view.php?id=CVE-2017-11001
In all Qualcomm products with Android releases from CAF using the Linux kernel, the length of the MAC address is not checked which may cause out of bounds read. En todos los productos Qualcomm con sistemas operativos Android distribuidos desde el CAF utilizando el kernel de Linux, la longitud de la dirección MAC no se comprueba, lo que podría provocar una lectura fuera de límites. • http://www.securityfocus.com/bid/100658 https://source.android.com/security/bulletin/2017-09-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-0804
https://notcve.org/view.php?id=CVE-2017-0804
A elevation of privilege vulnerability in the MediaTek mmc driver. Product: Android. Versions: Android kernel. Android ID: A-36274676. References: M-ALPS03361487. • http://www.securityfocus.com/bid/100652 https://source.android.com/security/bulletin/2017-09-01 •