CVE-2017-17770
https://notcve.org/view.php?id=CVE-2017-17770
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in a power driver ioctl handler, an Untrusted Pointer Dereference may potentially occur. En Qualcomm Android for MSM, Firefox OS for MSM, QRD Android, con todas las distribuciones de Android de CAF que utilizan el kernel de Linux antes del parche de seguridad nivel 2018-04-05, en un manipulador ioctl power driver, podría ocurrir una desreferencia de puntero no fiable. • https://source.android.com/security/bulletin/2018-04-01 • CWE-476: NULL Pointer Dereference •
CVE-2018-3599
https://notcve.org/view.php?id=CVE-2018-3599
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while notifying a DCI client, a Use After Free condition can occur. En Qualcomm Android for MSM, Firefox OS for MSM, QRD Android, con todas las distribuciones de Android de CAF que utilizan el kernel de Linux antes del parche de seguridad nivel 2018-04-05, mientras se notifica un cliente DCI, podría ocurrir un uso de memoria previamente liberada. • https://source.android.com/security/bulletin/pixel/2018-04-01 • CWE-416: Use After Free •
CVE-2017-18147
https://notcve.org/view.php?id=CVE-2017-18147
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in MMCP, a downlink message is not being properly validated. En Qualcomm Android for MSM, Firefox OS for MSM, QRD Android, con todas las distribuciones de Android de CAF que utilizan el kernel de Linux antes del parche de seguridad nivel 2018-04-05, en MMCP, no se valida correctamente un mensaje downlink. • http://www.securityfocus.com/bid/103671 https://source.android.com/security/bulletin/2018-04-01 • CWE-20: Improper Input Validation •
CVE-2018-3596
https://notcve.org/view.php?id=CVE-2018-3596
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, legacy code vulnerable after migration has been removed. En Qualcomm Android for MSM, Firefox OS for MSM, QRD Android, con todas las distribuciones de Android de CAF que utilizan el kernel de Linux antes del parche de seguridad nivel 2018-04-05, se ha eliminado el código de herencia vulnerable tras la mitigación. • https://source.android.com/security/bulletin/pixel/2018-04-01 •
CVE-2017-14876
https://notcve.org/view.php?id=CVE-2017-14876
In msm_ispif_config_stereo() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-06-21, the parameter params->entries[i].vfe_intf comes from userspace without any bounds check which could potentially result in a kernel out-of-bounds write. En msm_ispif_config_stereo() en Android for MSM, Firefox OS for MSM y QRD Android, en versiones anteriores al 2017-06-21, el parámetro params->entries[i].vfe_intf viene del espacio de usuario sin ninguna comprobación de límites, lo que podría resultar en una escritura fuera de límites del kernel. • https://source.android.com/security/bulletin/pixel/2018-02-01 https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=f26dbd9d9491333766ba383044064b1304127ac0 • CWE-787: Out-of-bounds Write •