CVE-2017-18126
https://notcve.org/view.php?id=CVE-2017-18126
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016, the original mac spoofing feature does not use the following in probe request frames: (a) randomized sequence numbers and (b) randomized source address for cfg80211 scan, vendor scan and pno scan which may affect user privacy. En Android, antes del nivel de parche de seguridad del 2018-04-05 en Qualcomm Snapdragon Mobile y Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660 y Snapdragon_High_Med_2016, la característica original de suplantación de mac no emplea lo siguiente en los frames de petición de sondeo: (a) números de secuencia aleatorizados y (b) una dirección de origen aleatorizada para cfg80211 scan, vendor scan y pno scan, lo que podría afectar a la privacidad del usuario. • http://www.securityfocus.com/bid/103671 https://source.android.com/security/bulletin/2018-04-01 •
CVE-2017-18127
https://notcve.org/view.php?id=CVE-2017-18127
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 835, SD 845, while processing a SetParam command packet in the VR service, the extracted name_len and value_len values are not checked and could potentially cause a buffer overflow in subsequent calls to memcpy(). En Android, antes del nivel de parche de seguridad del 2018-04-05 en Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 835 y SD 845, al procesar un paquete de comando SetParam en el servicio VR, los valores extraídos name_len y value_len no se comprueban. Esto podría provocar un desbordamiento de búfer en llamadas subsecuentes a memcpy(). • http://www.securityfocus.com/bid/103671 https://source.android.com/security/bulletin/2018-04-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-18136
https://notcve.org/view.php?id=CVE-2017-18136
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 820, SD 820A, SD 835, SD 845, in the omx aac component, a Use After Free condition may potentially occur. En Android, antes del nivel de parche de seguridad del 2018-04-05 en Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 820, SD 820A, SD 835 y SD 845 podría ocurrir una condición de uso de memoria previamente liberada en el componente omx aac. • http://www.securityfocus.com/bid/103671 https://source.android.com/security/bulletin/2018-04-01 • CWE-416: Use After Free •
CVE-2017-11011
https://notcve.org/view.php?id=CVE-2017-11011
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 820, SD 835, a Use After Free condition can occur in a communication API. En Android, antes del nivel de parche de seguridad del 2018-04-05 en Qualcomm Snapdragon Mobile y Snapdragon Wear MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 820 y SD 835, puede ocurrir una condición de uso de memoria previamente liberada en la API de comunicación. • http://www.securityfocus.com/bid/103671 https://source.android.com/security/bulletin/2018-04-01 • CWE-416: Use After Free •
CVE-2017-18144
https://notcve.org/view.php?id=CVE-2017-18144
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, while processing the retransmission of WPA supplicant command send failures, there is a make after break of the connection to WPA supplicant where the local pointer is not properly updated. If the WPA supplicant command transmission fails, a Use After Free condition will occur. En Android, antes del nivel de parche de seguridad del 2018-04-05 en Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835 y SD 845, al procesar la retransmisión de errores de envío de comandos suplicantes WPA, hay un "make after break" de la conexión al suplicante WPA donde el puntero local no se actualiza correctamente. Si la transmisión del comando suplicante WPA fracasa, ocurrirá una condición de uso de memoria previamente liberada. • http://www.securityfocus.com/bid/103671 https://source.android.com/security/bulletin/2018-04-01 • CWE-416: Use After Free •