Security Advisories

Issues in the TSC, TSPP2, and BusPM Drivers (CVE-2015-0573, CVE-2016-2441, CVE-2016-2442)

Release Date May 17, 2016
Affected Projects Android for MSM, Firefox OS for MSM, QRD Android

Elevation of Privilege Vulnerability in the Performance Component (CVE-2016-0819)

Release Date May 13, 2016
Affected Projects Android for MSM

Improper input validation in the tethering controller of netd (CVE-2016-2060)

Release Date May 5, 2016
Affected Projects Android for MSM, Firefox OS for MSM, QRD Android

Linux IPC router binding any port as a control port (CVE-2016-2059)

Release Date April 29, 2016
Affected Projects Android for MSM, Firefox OS for MSM, QRD Android

Buffer overflow in Adreno GPU MSM Driver (CVE­-2016-­2062)

Release Date April 28, 2016
Affected Projects Android for MSM, Firefox OS for MSM, QRD Android

Elevation of Privilege Vulnerability in Qualcomm Performance Module (CVE-2015-0805)

Release Date April 20, 2016
Affected Projects Android for MSM, Firefox OS for MSM, QRD Android

Information Disclosure Vulnerability in Kernel IPC Router Module (CVE-2015-6642)

Release Date April 20, 2016
Affected Projects Android for MSM, Firefox OS for MSM, QRD Android

Buffer Overflow in MSM Thermal Driver Allows Privilege Escalation (CVE-2016-2411)

Release Date April 20, 2016
Affected Projects Android for MSM, Firefox OS for MSM, QRD Android

Buffer Overflow in IPA Driver Allows Local Privilege Elevation (CVE-2016-0844)

Release Date April 1, 2016
Affected Projects Android for MSM, Firefox OS for MSM, QRD Android

Multiple Issues in WLAN Driver Allow Local Privilege Escalation (CVE-2015-0569, CVE-2015-0570, CVE-2015-0571)

Release Date December 18, 2015
Affected Projects Android for MSM, Firefox OS for MSM, QRD Android

Multiple Issues in Camera Drivers (CVE-2014-9410, CVE-2015-0568)

Release Date August 21, 2015
Affected Projects Android for MSM, Firefox OS for MSM, QRD Android

LK - Improper partition bounds checking when flashing sparse images (CVE-2015-0567)

Release Date May 12, 2015
Affected Projects Android for MSM, Firefox OS for MSM, QRD Android

Memory corruption in multiple camera drivers (CVE-2014-4321, CVE-2014-4324, CVE-2014-0975, CVE-2014-0976, CVE-2014-9409)

Release Date February 18, 2015
Affected Projects Android for MSM, Firefox OS for MSM, QRD Android

Memory corruption in QSEECOM driver (CVE-2014-4322)

Release Date December 22, 2014
Affected Projects Android for MSM, Firefox OS for MSM, QRD Android

Improper input validation in MDP driver when processing color maps (CVE-2014-4323)

Release Date December 11, 2014
Affected Projects Android for MSM, Firefox OS for MSM, QRD Android

Fastboot boot command bypasses signature verification (CVE-2014-4325)

Release Date August 5, 2014
Affected Projects Android for MSM, Firefox OS for MSM, QRD Android

LK - insufficient verification of tag_addr when loading device tree (CVE-2014-0974)

Release Date July 23, 2014
Affected Projects Android for MSM

Unprivileged GPU command streams can change the IOMMU page table (CVE-2014-0972)

Release Date June 21, 2014
Affected Projects Android for MSM, Firefox OS for MSM, QRD Android

Incomplete signature parsing during boot image authentication leads to signature forgery (CVE-2014-0973)

Release Date June 13, 2014
Affected Projects Android for MSM, Firefox OS for MSM, QRD Android

Insecure owner/permission changes in init shell scripts (CVE-2013-6124)

Release Date February 19, 2014
Affected Projects Android for MSM, Firefox OS for MSM, QRD Android

Out of bounds array access in camera driver (CVE-2013-6123)

Release Date January 10, 2014
Affected Projects Android for MSM, Firefox OS for MSM, QRD Android

Missing access checks in put_user/get_user kernel API (CVE-2013-6282)

Release Date November 14, 2013
Affected Projects Android for MSM, Firefox OS for MSM, QRD Android

Stack-based buffer overflow and memory disclosure in camera driver (CVE-2013-4738 CVE-2013-4739)

Release Date October 15, 2013
Affected Projects Android for MSM

Loading of image data to memory locations based on untrusted header data in LK bootloader (CVE-2013-2598)

Release Date September 6, 2013
Affected Projects Android for MSM, Firefox OS for MSM, QRD Android

CONFIG_STRICT_MEMORY_RWX is not strictly enforced (CVE-2013-4737)

Release Date September 5, 2013
Affected Projects Android for MSM, Firefox OS for MSM, QRD Android

Integer overflow and signedness issue in camera JPEG engines (CVE-2013-4736)

Release Date August 29, 2013
Affected Projects Android for MSM, Firefox OS for MSM, QRD Android

Integer overflow in range check when mapping framebuffer memory (CVE-2013-2596)

Release Date July 8, 2013
Affected Projects Android for MSM, Firefox OS for MSM, QRD Android

Logging of potentially sensitive information via NativeDaemonConnector (CVE-2013-2599)

Release Date July 3, 2013
Affected Projects Android for MSM, QRD Android

Stack-based buffer overflow in acdb audio driver (CVE-2013-2597)

Release Date June 21, 2013
Affected Projects Android for MSM, Firefox OS for MSM, QRD Android

Uncontrolled memory mapping in camera driver (CVE-2013-2595)

Release Date May 1, 2013
Affected Projects Android for MSM, Firefox OS for MSM, QRD Android

Multiple issues in DIAG/KGSL system call handling (CVE-2012-4220, CVE-2012-4221, CVE-2012-4222)

Release Date November 15, 2012
Affected Projects Android for MSM, Firefox OS for MSM, QRD Android, SIMCOM QRD Android Project