Google Android vulnerabilities

CVE-2018-9386 [MEDIUM] CWE-787 CVE-2018-9386: In reboot_block_command of htc reboot_block driver, there is a possible stack buffer overflow du In reboot_block_command of htc reboot_block driver, there is a possible stack buffer overflow due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9399 [MEDIUM] CWE-787 CVE-2018-9399: In /proc/driver/wmt_dbg driver, there are several possible out of bounds writes. These could lea In /proc/driver/wmt_dbg driver, there are several possible out of bounds writes. These could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9398 [MEDIUM] CWE-787 CVE-2018-9398: In fm_set_stat of mediatek FM radio driver, there is a possible OOB write due to improper input In fm_set_stat of mediatek FM radio driver, there is a possible OOB write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9463 [MEDIUM] CWE-787 CVE-2018-9463: In sw49408_irq_runtime_engine_debug of touch_sw49408.c, there is a possible out of bounds write In sw49408_irq_runtime_engine_debug of touch_sw49408.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9395 [MEDIUM] CWE-787 CVE-2018-9395: In mtk_cfg80211_vendor_packet_keep_alive_start and mtk_cfg80211_vendor_set_config of drivers/misc/me In mtk_cfg80211_vendor_packet_keep_alive_start and mtk_cfg80211_vendor_set_config of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_vendor.c, there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9393 [MEDIUM] CWE-787 CVE-2018-9393: In procfile_write of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_proc.c, there is a pos In procfile_write of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_proc.c, there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9392 [MEDIUM] CWE-787 CVE-2018-9392: In get_binary of vendor/mediatek/proprietary/hardware/connectivity/gps/gps_hal/src/data_coder.c, the In get_binary of vendor/mediatek/proprietary/hardware/connectivity/gps/gps_hal/src/data_coder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9394 [MEDIUM] CWE-787 CVE-2018-9394: In mtk_p2p_wext_set_key of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_p2p.c, there is In mtk_p2p_wext_set_key of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_p2p.c, there is a possible OOB write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9396 [MEDIUM] CWE-787 CVE-2018-9396: In rpc_msg_handler and related handlers of drivers/misc/mediatek/eccci/port_rpc.c, there is a possib In rpc_msg_handler and related handlers of drivers/misc/mediatek/eccci/port_rpc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9441 [MEDIUM] CWE-125 CVE-2018-9441: In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds read due to an incorrect In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2018-9449 [MEDIUM] CWE-125 CVE-2018-9449: In process_service_search_attr_rsp of sdp_discovery.cc, there is a possible out of bound read due to In process_service_search_attr_rsp of sdp_discovery.cc, there is a possible out of bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9418 [CRITICAL] CWE-787 CVE-2018-9418: In handle_app_cur_val_response of dtif_rc.cc, there is a possible stack buffer overflow due to a mis In handle_app_cur_val_response of dtif_rc.cc, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9430 [CRITICAL] CWE-787 CVE-2018-9430: In prop2cfg of btif_storage.cc, there is a possible out of bounds write due to an incorrect bounds c In prop2cfg of btif_storage.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-20127 [HIGH] CWE-125 CVE-2024-20127: In Telephony, there is a possible out of bounds read due to a missing bounds check. This could lead In Telephony, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09289881; Issue ID: MSV-2023.

CVE-2024-20138 [HIGH] CWE-125 CVE-2024-20138: In wlan driver, there is a possible out of bound read due to improper input validation. This could l In wlan driver, there is a possible out of bound read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998291; Issue ID: MSV-1604.

CVE-2018-9380 [HIGH] CWE-787 CVE-2018-9380: In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to improper input val In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2018-9414 [HIGH] CWE-787 CVE-2018-9414: In gattServerSendResponseNative of com_android_bluetooth_gatt.cpp, there is a possible out of bounds In gattServerSendResponseNative of com_android_bluetooth_gatt.cpp, there is a possible out of bounds stack write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9426 [HIGH] CWE-331 CVE-2018-9426: In  RsaKeyPairGenerator::getNumberOfIterations of RSAKeyPairGenerator.java, an incorrect implementat In RsaKeyPairGenerator::getNumberOfIterations of RSAKeyPairGenerator.java, an incorrect implementation could cause weak RSA key pairs being generated. This could lead to crypto vulnerability with no additional execution privileges needed. User interaction is not needed for exploitation. Bulletin Fix: The fix is designed to correctly implement the key ge

CVE-2018-9381 [HIGH] CWE-908 CVE-2018-9381: In gatts_process_read_by_type_req of gatt_sr.c, there is a possible information disclosure due to un In gatts_process_read_by_type_req of gatt_sr.c, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-20129 [HIGH] CWE-125 CVE-2024-20129: In Telephony, there is a possible out of bounds read due to a missing bounds check. This could lead In Telephony, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09289881; Issue ID: MSV-2025.