Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2018-AVI-372
Vulnerability from certfr_avis - Published: 2018-08-07 - Updated: 2018-08-07
De multiples vulnérabilités ont été découvertes dans Google Android. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Google Android toutes versions n\u0027int\u00e9grant pas le correctif de s\u00e9curit\u00e9 du 06 ao\u00fbt 2018",
"product": {
"name": "Android",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-18292",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18292"
},
{
"name": "CVE-2018-9446",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9446"
},
{
"name": "CVE-2018-9454",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9454"
},
{
"name": "CVE-2018-5903",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5903"
},
{
"name": "CVE-2018-9437",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9437"
},
{
"name": "CVE-2017-18296",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18296"
},
{
"name": "CVE-2018-1068",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1068"
},
{
"name": "CVE-2017-9711",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9711"
},
{
"name": "CVE-2018-9427",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9427"
},
{
"name": "CVE-2018-9444",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9444"
},
{
"name": "CVE-2017-13322",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13322"
},
{
"name": "CVE-2017-18293",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18293"
},
{
"name": "CVE-2018-11305",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11305"
},
{
"name": "CVE-2018-9461",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9461"
},
{
"name": "CVE-2018-9439",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9439"
},
{
"name": "CVE-2018-5908",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5908"
},
{
"name": "CVE-2018-5904",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5904"
},
{
"name": "CVE-2018-9463",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9463"
},
{
"name": "CVE-2017-8261",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8261"
},
{
"name": "CVE-2017-18304",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18304"
},
{
"name": "CVE-2018-9464",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9464"
},
{
"name": "CVE-2018-9436",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9436"
},
{
"name": "CVE-2018-9457",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9457"
},
{
"name": "CVE-2018-3587",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3587"
},
{
"name": "CVE-2018-9445",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9445"
},
{
"name": "CVE-2017-13242",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13242"
},
{
"name": "CVE-2018-9451",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9451"
},
{
"name": "CVE-2018-9453",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9453"
},
{
"name": "CVE-2018-9458",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9458"
},
{
"name": "CVE-2018-9449",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9449"
},
{
"name": "CVE-2018-9447",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9447"
},
{
"name": "CVE-2018-5905",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5905"
},
{
"name": "CVE-2017-18295",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18295"
},
{
"name": "CVE-2017-18283",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18283"
},
{
"name": "CVE-2017-18281",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18281"
},
{
"name": "CVE-2018-9450",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9450"
},
{
"name": "CVE-2017-18249",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18249"
},
{
"name": "CVE-2017-18309",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18309"
},
{
"name": "CVE-2017-18303",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18303"
},
{
"name": "CVE-2018-9459",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9459"
},
{
"name": "CVE-2018-11263",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11263"
},
{
"name": "CVE-2018-9448",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9448"
},
{
"name": "CVE-2018-9438",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9438"
},
{
"name": "CVE-2018-9465",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9465"
},
{
"name": "CVE-2017-18299",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18299"
},
{
"name": "CVE-2018-11258",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11258"
},
{
"name": "CVE-2017-18307",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18307"
},
{
"name": "CVE-2018-9455",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9455"
},
{
"name": "CVE-2017-18301",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18301"
},
{
"name": "CVE-2017-18306",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18306"
},
{
"name": "CVE-2018-9435",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9435"
},
{
"name": "CVE-2017-18297",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18297"
},
{
"name": "CVE-2017-18294",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18294"
},
{
"name": "CVE-2017-18280",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18280"
},
{
"name": "CVE-2017-13295",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13295"
},
{
"name": "CVE-2017-18300",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18300"
},
{
"name": "CVE-2017-18298",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18298"
},
{
"name": "CVE-2017-15817",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15817"
},
{
"name": "CVE-2017-18308",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18308"
},
{
"name": "CVE-2017-18310",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18310"
},
{
"name": "CVE-2017-18282",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18282"
},
{
"name": "CVE-2017-1000100",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000100"
},
{
"name": "CVE-2017-18302",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18302"
},
{
"name": "CVE-2018-9462",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9462"
},
{
"name": "CVE-2018-11260",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11260"
},
{
"name": "CVE-2017-18305",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18305"
},
{
"name": "CVE-2018-9441",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9441"
},
{
"name": "CVE-2018-5383",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5383"
},
{
"name": "CVE-2018-5909",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5909"
},
{
"name": "CVE-2018-5910",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5910"
},
{
"name": "CVE-2017-13077",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13077"
}
],
"initial_release_date": "2018-08-07T00:00:00",
"last_revision_date": "2018-08-07T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-372",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-08-07T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Android.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Pixel/Nexus du 06 ao\u00fbt 2018",
"url": "https://source.android.com/security/bulletin/pixel/2018-08-01"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Android du 06 ao\u00fbt 2018",
"url": "https://source.android.com/security/bulletin/2018-08-01"
}
]
}
CVE-2018-5904 (GCVE-0-2018-5904)
Vulnerability from cvelistv5 – Published: 2018-11-27 18:00 – Updated: 2024-08-05 05:47
VLAI
EPSS
Summary
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while list traversal in LPM status driver for clean up, use after free vulnerability may occur.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://source.codeaurora.org/quic/la/kernel/msm-… | x_refsource_CONFIRM |
| https://source.codeaurora.org/quic/la/kernel/msm-… | x_refsource_CONFIRM |
| https://www.codeaurora.org/security-bulletin/2018… | x_refsource_CONFIRM |
Date Public
2018-11-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:47:56.166Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=8e82c0d84ccee87309fd22f8208915f0ba502b26"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=88b838c8952ec6414c72449ae15768d15d2606dd"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while list traversal in LPM status driver for clean up, use after free vulnerability may occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-27T17:57:02.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=8e82c0d84ccee87309fd22f8208915f0ba502b26"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=88b838c8952ec6414c72449ae15768d15d2606dd"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2018-5904",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while list traversal in LPM status driver for clean up, use after free vulnerability may occur."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=8e82c0d84ccee87309fd22f8208915f0ba502b26",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=8e82c0d84ccee87309fd22f8208915f0ba502b26"
},
{
"name": "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=88b838c8952ec6414c72449ae15768d15d2606dd",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=88b838c8952ec6414c72449ae15768d15d2606dd"
},
{
"name": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin",
"refsource": "CONFIRM",
"url": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2018-5904",
"datePublished": "2018-11-27T18:00:00.000Z",
"dateReserved": "2018-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:47:56.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5905 (GCVE-0-2018-5905)
Vulnerability from cvelistv5 – Published: 2018-09-19 14:00 – Updated: 2024-08-05 05:47
VLAI
EPSS
Summary
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a race condition while accessing num of clients in DIAG services can lead to out of boundary access.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://source.codeaurora.org/quic/la/kernel/msm-… | x_refsource_CONFIRM |
| https://www.codeaurora.org/security-bulletin/2018… | x_refsource_CONFIRM |
| https://source.android.com/security/bulletin/pixe… | x_refsource_CONFIRM |
| http://support.blackberry.com/kb/articleDetail?ar… | x_refsource_CONFIRM |
Date Public
2018-08-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:47:56.186Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=6eb2f4f6fde1b210712d6ac66b40b9e7684d77db"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/pixel/2018-08-01#qualcomm-components"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000051163"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a race condition while accessing num of clients in DIAG services can lead to out of boundary access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-19T13:57:01.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=6eb2f4f6fde1b210712d6ac66b40b9e7684d77db"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/pixel/2018-08-01#qualcomm-components"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000051163"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2018-5905",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a race condition while accessing num of clients in DIAG services can lead to out of boundary access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=6eb2f4f6fde1b210712d6ac66b40b9e7684d77db",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=6eb2f4f6fde1b210712d6ac66b40b9e7684d77db"
},
{
"name": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin",
"refsource": "CONFIRM",
"url": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin"
},
{
"name": "https://source.android.com/security/bulletin/pixel/2018-08-01#qualcomm-components",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2018-08-01#qualcomm-components"
},
{
"name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000051163",
"refsource": "CONFIRM",
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000051163"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2018-5905",
"datePublished": "2018-09-19T14:00:00.000Z",
"dateReserved": "2018-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:47:56.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5908 (GCVE-0-2018-5908)
Vulnerability from cvelistv5 – Published: 2018-11-27 18:00 – Updated: 2024-08-05 05:47
VLAI
EPSS
Summary
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a possible buffer overflow in display function due to lack of buffer length validation before copying.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://source.codeaurora.org/quic/la/kernel/msm-… | x_refsource_CONFIRM |
| https://source.codeaurora.org/quic/la/kernel/msm-… | x_refsource_CONFIRM |
| https://www.codeaurora.org/security-bulletin/2018… | x_refsource_CONFIRM |
Date Public
2018-11-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:47:56.172Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=28e5918c60b832091c6b3618747258803cbd3302"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=4689d03e5db548d263232c274bf307956207da27"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a possible buffer overflow in display function due to lack of buffer length validation before copying."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-27T17:57:02.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=28e5918c60b832091c6b3618747258803cbd3302"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=4689d03e5db548d263232c274bf307956207da27"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2018-5908",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a possible buffer overflow in display function due to lack of buffer length validation before copying."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=28e5918c60b832091c6b3618747258803cbd3302",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=28e5918c60b832091c6b3618747258803cbd3302"
},
{
"name": "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=4689d03e5db548d263232c274bf307956207da27",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=4689d03e5db548d263232c274bf307956207da27"
},
{
"name": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin",
"refsource": "CONFIRM",
"url": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2018-5908",
"datePublished": "2018-11-27T18:00:00.000Z",
"dateReserved": "2018-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:47:56.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5909 (GCVE-0-2018-5909)
Vulnerability from cvelistv5 – Published: 2018-11-27 18:00 – Updated: 2024-08-05 05:47
VLAI
EPSS
Summary
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, buffer overflow occur may occur in display handlers due to lack of checking in buffer size before copying into it and will lead to memory corruption.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://source.codeaurora.org/quic/la/kernel/msm-… | x_refsource_CONFIRM |
| https://www.codeaurora.org/security-bulletin/2018… | x_refsource_CONFIRM |
Date Public
2018-11-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:47:56.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=2c1716c5afd660651724b6088f2e6301272f4926"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, buffer overflow occur may occur in display handlers due to lack of checking in buffer size before copying into it and will lead to memory corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-27T17:57:02.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=2c1716c5afd660651724b6088f2e6301272f4926"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2018-5909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, buffer overflow occur may occur in display handlers due to lack of checking in buffer size before copying into it and will lead to memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=2c1716c5afd660651724b6088f2e6301272f4926",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=2c1716c5afd660651724b6088f2e6301272f4926"
},
{
"name": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin",
"refsource": "CONFIRM",
"url": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2018-5909",
"datePublished": "2018-11-27T18:00:00.000Z",
"dateReserved": "2018-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:47:56.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5910 (GCVE-0-2018-5910)
Vulnerability from cvelistv5 – Published: 2018-11-27 18:00 – Updated: 2024-08-05 05:47
VLAI
EPSS
Summary
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a memory corruption can occur in kernel due to improper check in callers count parameter in display handlers.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://source.codeaurora.org/quic/la/kernel/msm-… | x_refsource_CONFIRM |
| https://source.codeaurora.org/quic/la/kernel/msm-… | x_refsource_CONFIRM |
| https://www.codeaurora.org/security-bulletin/2018… | x_refsource_CONFIRM |
Date Public
2018-11-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:47:56.185Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=b67e04e3696f05411b7434c8b194895d273b00c5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=d9344c2f4b60cf5d4c747c11f3cb0b6f1558db78"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a memory corruption can occur in kernel due to improper check in callers count parameter in display handlers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-27T17:57:02.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=b67e04e3696f05411b7434c8b194895d273b00c5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=d9344c2f4b60cf5d4c747c11f3cb0b6f1558db78"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2018-5910",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a memory corruption can occur in kernel due to improper check in callers count parameter in display handlers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=b67e04e3696f05411b7434c8b194895d273b00c5",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=b67e04e3696f05411b7434c8b194895d273b00c5"
},
{
"name": "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=d9344c2f4b60cf5d4c747c11f3cb0b6f1558db78",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=d9344c2f4b60cf5d4c747c11f3cb0b6f1558db78"
},
{
"name": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin",
"refsource": "CONFIRM",
"url": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2018-5910",
"datePublished": "2018-11-27T18:00:00.000Z",
"dateReserved": "2018-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:47:56.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9427 (GCVE-0-2018-9427)
Vulnerability from cvelistv5 – Published: 2018-11-06 17:00 – Updated: 2024-09-16 16:28
VLAI
EPSS
Summary
In CopyToOMX of OMXNodeInstance.cpp there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-77486542.
Severity
No CVSS data available.
CWE
- Remote code execution
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2018-08-01 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1041432 | vdb-entryx_refsource_SECTRACK |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Google Inc. | Android |
Affected:
Android-8.0 Android-8.1
|
Date Public
2018-10-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:52.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2018-08-01"
},
{
"name": "1041432",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041432"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "Google Inc.",
"versions": [
{
"status": "affected",
"version": "Android-8.0 Android-8.1"
}
]
}
],
"datePublic": "2018-10-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In CopyToOMX of OMXNodeInstance.cpp there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-77486542."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-07T10:57:01.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2018-08-01"
},
{
"name": "1041432",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041432"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2018-10-31T00:00:00",
"ID": "CVE-2018-9427",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-8.0 Android-8.1"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In CopyToOMX of OMXNodeInstance.cpp there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-77486542."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-08-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-08-01"
},
{
"name": "1041432",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041432"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2018-9427",
"datePublished": "2018-11-06T17:00:00.000Z",
"dateReserved": "2018-04-05T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:28:04.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9435 (GCVE-0-2018-9435)
Vulnerability from cvelistv5 – Published: 2024-12-02 22:12 – Updated: 2024-12-03 14:58
VLAI
EPSS
Summary
In gatt_process_error_rsp of gatt_cl.cc, there is a possible out of bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity
6.2 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-9435",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-03T14:57:39.463154Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T14:58:06.946Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "6"
},
{
"status": "affected",
"version": "6.0.1"
},
{
"status": "affected",
"version": "7"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "7.1.2"
},
{
"status": "affected",
"version": "8"
},
{
"status": "affected",
"version": "8.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn gatt_process_error_rsp of gatt_cl.cc, there is a possible out of bound\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eread due to a missing bounds check. This could lead to local information\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003edisclosure with no additional execution privileges needed. User interaction\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;is not needed for exploitation.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In gatt_process_error_rsp of gatt_cl.cc, there is a possible out of bound\u00a0read due to a missing bounds check. This could lead to local information\u00a0disclosure with no additional execution privileges needed. User interaction\u00a0is not needed for exploitation."
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T22:12:22.069Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/pixel/2018-08-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2018-9435",
"datePublished": "2024-12-02T22:12:22.069Z",
"dateReserved": "2018-04-05T00:00:00.000Z",
"dateUpdated": "2024-12-03T14:58:06.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9436 (GCVE-0-2018-9436)
Vulnerability from cvelistv5 – Published: 2018-11-06 17:00 – Updated: 2024-09-17 02:16
VLAI
EPSS
Summary
In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-79164722.
Severity
No CVSS data available.
CWE
- Information disclosure
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2018-08-01 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1041432 | vdb-entryx_refsource_SECTRACK |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Google Inc. | Android |
Affected:
Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1
|
Date Public
2018-10-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:52.294Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2018-08-01"
},
{
"name": "1041432",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041432"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "Google Inc.",
"versions": [
{
"status": "affected",
"version": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1"
}
]
}
],
"datePublic": "2018-10-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-79164722."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-07T10:57:01.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2018-08-01"
},
{
"name": "1041432",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041432"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2018-10-31T00:00:00",
"ID": "CVE-2018-9436",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-79164722."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-08-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-08-01"
},
{
"name": "1041432",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041432"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2018-9436",
"datePublished": "2018-11-06T17:00:00.000Z",
"dateReserved": "2018-04-05T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:16:39.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9437 (GCVE-0-2018-9437)
Vulnerability from cvelistv5 – Published: 2018-11-06 17:00 – Updated: 2024-09-17 00:35
VLAI
EPSS
Summary
In getstring of ID3.cpp there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78656554.
Severity
No CVSS data available.
CWE
- Information disclosure
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2018-08-01 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1041432 | vdb-entryx_refsource_SECTRACK |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Google Inc. | Android |
Affected:
Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1
|
Date Public
2018-10-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:52.280Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2018-08-01"
},
{
"name": "1041432",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041432"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "Google Inc.",
"versions": [
{
"status": "affected",
"version": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1"
}
]
}
],
"datePublic": "2018-10-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In getstring of ID3.cpp there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78656554."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-07T10:57:01.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2018-08-01"
},
{
"name": "1041432",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041432"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2018-10-31T00:00:00",
"ID": "CVE-2018-9437",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In getstring of ID3.cpp there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78656554."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-08-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-08-01"
},
{
"name": "1041432",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041432"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2018-9437",
"datePublished": "2018-11-06T17:00:00.000Z",
"dateReserved": "2018-04-05T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:35:36.991Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9438 (GCVE-0-2018-9438)
Vulnerability from cvelistv5 – Published: 2018-11-06 17:00 – Updated: 2024-09-16 20:52
VLAI
EPSS
Summary
When a device connects only over WiFi VPN, the device may not receive security updates due to some incorrect checks. This could lead to a local denial of service of security updates with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.1 Android ID: A-78644887.
Severity
No CVSS data available.
CWE
- Denial of service
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2018-08-01 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1041432 | vdb-entryx_refsource_SECTRACK |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Google Inc. | Android |
Affected:
Android-8.1
|
Date Public
2018-10-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:52.086Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2018-08-01"
},
{
"name": "1041432",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041432"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "Google Inc.",
"versions": [
{
"status": "affected",
"version": "Android-8.1"
}
]
}
],
"datePublic": "2018-10-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "When a device connects only over WiFi VPN, the device may not receive security updates due to some incorrect checks. This could lead to a local denial of service of security updates with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.1 Android ID: A-78644887."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-07T10:57:01.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2018-08-01"
},
{
"name": "1041432",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041432"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2018-10-31T00:00:00",
"ID": "CVE-2018-9438",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-8.1"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When a device connects only over WiFi VPN, the device may not receive security updates due to some incorrect checks. This could lead to a local denial of service of security updates with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.1 Android ID: A-78644887."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-08-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-08-01"
},
{
"name": "1041432",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041432"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2018-9438",
"datePublished": "2018-11-06T17:00:00.000Z",
"dateReserved": "2018-04-05T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:52:51.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…