In valid_ipc_dram_addr of cm_access_control.c, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-197966306References: N/A
In TrustZone in all Android releases from CAF using the Linux kernel, an Integer Overflow to Buffer Overflow vulnerability could potentially exist.
In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.
Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors.
In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow to buffer overflow vulnerability exists when loading an ELF file.
In TrustZone an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel.
In PVRSRVBridgePMRPDumpSymbolicAddr of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-238921253
In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-176444622
In PVRSRVBridgeRGXKickRS of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270392711
In memory management driver, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05411456.
In kisd, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05425581.
In TrustZone an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel.
Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who had one a race condition to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
In PVRSRVBridgeRGXTDMSubmitTransfer of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270397970
In getService of IServiceManager.cpp, there is a possible unhandled exception due to an integer overflow. This could lead to local denial of service making the lockscreen unusable with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-197336441
In PVRSRVBridgeRGXKickVRDM of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270401229
In PVRSRVBridgeCacheOpQueue of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270395013
In PVRSRVBridgeSyncPrimOpCreate of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds read due to integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-176496160
In memory management driver, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183461318
In PVRSRVBridgeServerSyncGetStatus of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270399153
In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11; Patch ID: ALPS05431161.
In Scanner::LiteralBuffer::NewCapacity of scanner.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if an attacker can supply a malicious PAC file, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-168041375
In PVRSRVBridgeSyncPrimOpTake of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270401914
In shared_metadata_init of SharedMetadata.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239415718References: N/A
Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, When allocating heap using user supplied size, Possible heap overflow vulnerability due to integer overflow in roundup to native pointer.
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing preferred network offload scan results integer overflow may lead to buffer overflow when large frame length is received from FW.
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on integer overflow while calculating memory can lead to Buffer overflow in WLAN ext scan handler.
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a fast Initial link setup (FILS) connection request, integer overflow may lead to a buffer overflow when the key length is zero.
In NFA_RwI93WriteMultipleBlocks of nfa_rw_api.cc, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157650338
Integer overflow in the SkAutoSTArray implementation in include/core/SkTemplates.h in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a reset action with a large count value, leading to an out-of-bounds write operation.
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a qbt1000 ioctl handler, an incorrect buffer size check has an integer overflow vulnerability potentially leading to a buffer overflow.
In all Qualcomm products with Android releases from CAF using the Linux kernel, user controlled variables "nr_cmds" and "nr_bos" number are passed across functions without any check. An integer overflow to buffer overflow (with a smaller buffer allocated) may occur when they are too large or negative.
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in an IOCTL handler potentially leading to an integer overflow and then an out-of-bounds write.
In all Qualcomm products with Android releases from CAF using the Linux kernel, while reading audio data from an unspecified driver, a buffer overflow or integer overflow could occur.
Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.
Possible buffer overflow in msm_adsp_stream_callback_put due to lack of input validation of user-provided data that leads to integer overflow in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel.
media/libmedia/IAudioPolicyService.cpp in Android before 5.1 allows attackers to execute arbitrary code with media_server privileges or cause a denial of service (integer overflow) via a crafted application that provides an invalid array size.
Integer overflow in IAudioPolicyService.cpp in Android allows local users to gain privileges via a crafted application, aka Android Bug ID 19261727.
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check while calculating the MPDU data length will cause an integer overflow and then to buffer overflow in WLAN function.
Integer overflow in soundtrigger/ISoundTriggerHwService.cpp in Android allows attacks to cause a denial of service via unspecified vectors.
Integer overflow in IHDCP.cpp in the media_server component in Android allows remote attackers to execute arbitrary code via a crafted application.
In the Secure File System in all Android releases from CAF using the Linux kernel, an Integer Overflow to Buffer Overflow vulnerability could potentially exist.
Integer underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28768146 and Qualcomm internal bug CR549470.
In TrustZone an integer overflow vulnerability leading to a buffer overflow could potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel.
In all Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in debug functionality.
In TrustZone, an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel due to an improper address range computation.
Integer overflow in media in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
In Android before the 2018-06-05 security patch level, NVIDIA TLK TrustZone contains a possible out of bounds write due to an integer overflow which could lead to local escalation of privilege with no additional execution privileges needed. User interaction not needed for exploitation. This issue is rated as high. Version: N/A. Android: A-69559414. Reference: N-CVE-2017-6290.