CVE-2018-11276

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, double free of memory allocation is possible in Kernel when it explicitly tries to free that memory on driver probe failure, since memory allocated is automatically freed on probe.

Source: CVE-2018-11276

CVE-2018-11273

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, ‘voice_svc_dev’ is allocated as a device-managed resource. If error ‘cdev_alloc_err’ occurs, ‘device_destroy’ will free all associated resources, including ‘voice_svc_dev’ leading to a double free.

Source: CVE-2018-11273

CVE-2018-11275

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when flashing image using FastbootLib if size is not divisible by block size, information leak occurs.

Source: CVE-2018-11275

CVE-2018-11265

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, possible buffer overflow while incrementing the log_buf of type uint64_t in memcpy function, since the log_buf pointer can access the memory beyond the size to store the data after pointer increment.

Source: CVE-2018-11265

CVE-2018-11274

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, buffer overflow may occur when payload size is extremely large.

Source: CVE-2018-11274

CVE-2018-11270

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, memory allocated with devm_kzalloc is automatically released by the kernel if the probe function fails with an error code. This may result in data corruption.

Source: CVE-2018-11270

CVE-2017-15844

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the function for writing device values into flash, uninitialized memory can be written to flash.

Source: CVE-2017-15844

CVE-2017-15818

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while loading a user application in qseecom, an integer overflow could potentially occur if the application partition size is rounded up to page_size.

Source: CVE-2017-15818

CVE-2017-15828

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while accessing the keystore in LK, an integer overflow vulnerability exists which may potentially lead to a buffer overflow.

Source: CVE-2017-15828

CVE-2017-15825

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a gpt update, an out of bounds memory access may potentially occur.

Source: CVE-2017-15825