CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9725 – kernel: Incorrect type conversion for size during dma allocation
https://notcve.org/view.php?id=CVE-2017-9725
In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to wrong data type of size, allocation size gets truncated which makes allocation succeed when it should fail. En todos los productos Qualcomm con distribuciones Android desde CAF empleando el kernel Linux, durante la asignación de DMA, el tamaño de asignación se trunca, lo que permite que la asignación sea un éxito cuando debería fallar. Esto se debe a un tipo de tamaño de datos erróneo. A flaw was found where the kernel truncated the value used to indicate the size of a buffer which it would later become zero using an untruncated value. This can corrupt memory outside of the original allocation. • http://www.securityfocus.com/bid/100658 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2018:1130 https://access.redhat.com/errata/RHSA-2018:1170 https://source.android.com/security/bulletin/2017-09-01 https://access.redhat.com/security/cve/CVE-2017-9725 https://bugzilla.redhat.com/show_bug.cgi?id=1489088 • CWE-681: Incorrect Conversion between Numeric Types CWE-682: Incorrect Calculation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-8247
https://notcve.org/view.php?id=CVE-2017-8247
In all Qualcomm products with Android releases from CAF using the Linux kernel, if there is more than one thread doing the device open operation, the device may be opened more than once. This would lead to get_pid being called more than once, however put_pid being called only once in function "msm_close". En todos los productos Qualcomm con distribuciones Android desde CAF empleando el kernel Linux, si hay más de un subproceso realizando la operación de apertura del dispositivo, éste podría abrirse más de una vez. Esto llevaría a que get_pid being sea llamado más de una vez, aunque put_pid solo se llamaría una vez en la función "msm_close". • http://www.securityfocus.com/bid/100658 https://source.android.com/security/bulletin/2017-09-01 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-10999
https://notcve.org/view.php?id=CVE-2017-10999
In all Qualcomm products with Android releases from CAF using the Linux kernel, concurrent calls into ioctl RMNET_IOCTL_ADD_MUX_CHANNEL in ipa wan driver may lead to memory corruption due to missing locks. En todos los productos Qualcomm con sistemas operativos Android distribuidos desde el CAF utilizando el kernel de Linux, una serie de llamadas concurrentes en el ioctl RMNET_IOCTL_ADD_MUX_CHANNEL en el driver ipa wan podría provocar la corrupción de la memoria debido a la ausencia de "locks". • http://www.securityfocus.com/bid/100658 https://source.android.com/security/bulletin/2017-09-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-11000
https://notcve.org/view.php?id=CVE-2017-11000
In all Qualcomm products with Android releases from CAF using the Linux kernel, in an ISP Camera kernel driver function, an incorrect bounds check may potentially lead to an out-of-bounds write. En todos los productos Qualcomm con sistemas operativos Android distribuidos desde el CAF utilizando el kernel de Linux, en una función del driver del kernel de ISP Camera, una comprobación en los límites incorrectos podría provocar una escritura fuera de límites. • http://www.securityfocus.com/bid/100658 https://source.android.com/security/bulletin/2017-09-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-8278
https://notcve.org/view.php?id=CVE-2017-8278
In all Qualcomm products with Android releases from CAF using the Linux kernel, while reading audio data from an unspecified driver, a buffer overflow or integer overflow could occur. En todos los productos Qualcomm con distribuciones Android desde CAF empleando el kernel Linux, podría ocurrir un desbordamiento de búfer o de enteros al leer datos de audio desde un controlador sin especificar. • http://www.securityfocus.com/bid/100658 https://source.android.com/security/bulletin/2017-09-01 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-190: Integer Overflow or Wraparound •