|
246671
|
7.8 |
HIGH
Local
|
google
|
android
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, callback executed from the other thread has freed memory which is also used in wlan functio…
|
CWE-416
Use After Free
|
CVE-2018-11300
|
2024-11-21 12:43 |
2018-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246672
|
7.8 |
HIGH
Local
|
google
|
android
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when WLAN FW has not filled the vdev id correctly in stats events then WLAN host driver tri…
|
CWE-129
Improper Validation of Array Index
|
CVE-2018-11299
|
2024-11-21 12:43 |
2018-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246673
|
7.8 |
HIGH
Local
|
google
|
android
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing SET_PASSPOINT_LIST vendor command HDD does not make sure that the realm st…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-11298
|
2024-11-21 12:43 |
2018-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246674
|
7.8 |
HIGH
Local
|
google
|
android
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a buffer over-read can occur In the WMA NDP event handler functions due to lack of validati…
|
CWE-125
Out-of-bounds Read
|
CVE-2018-11297
|
2024-11-21 12:43 |
2018-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246675
|
7.8 |
HIGH
Local
|
google
|
android
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a message from firmware in WLAN handler, a buffer overwrite can occur.
|
CWE-787
Out-of-bounds Write
|
CVE-2018-11296
|
2024-11-21 12:43 |
2018-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246676
|
7.8 |
HIGH
Local
|
google
|
android
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, WMA handler carries a fixed event data from the firmware to the host . If the length and an…
|
CWE-787
Out-of-bounds Write
|
CVE-2018-11295
|
2024-11-21 12:43 |
2018-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246677
|
8.0 |
HIGH
Adjacent
|
google
|
android
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, WLAN handler indication from the firmware gets the information for 4 access categories. Whi…
|
CWE-20
Improper Input Validation
|
CVE-2018-11294
|
2024-11-21 12:43 |
2018-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246678
|
5.7 |
MEDIUM
Adjacent
|
google
|
android
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, in wma_ndp_confirm_event_handler and wma_ndp_indication_event_handler, ndp_cfg len and num_…
|
CWE-125
Out-of-bounds Read
|
CVE-2018-11293
|
2024-11-21 12:43 |
2018-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246679
|
7.8 |
HIGH
Local
|
google
|
android
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while accessing global variable "debug_client" in multi-thread manner, Use after free issue…
|
CWE-416
Use After Free
|
CVE-2018-11286
|
2024-11-21 12:43 |
2018-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246680
|
7.8 |
HIGH
Local
|
google
|
android
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while calling IPA_IOC_MDFY_RT_RULE IPA IOCTL, header entry is not checked before use. If IP…
|
CWE-416
Use After Free
|
CVE-2018-11281
|
2024-11-21 12:43 |
2018-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
