[Git][security-tracker-team/security-tracker][master] Android NFUs
Moritz Muehlenhoff
jmm at debian.org
Wed Aug 5 17:11:48 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3f028460 by Moritz Muehlenhoff at 2020-08-05T18:11:21+02:00
Android NFUs
one linux issue coming from Android
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -16008,6 +16008,7 @@ CVE-2020-11129
RESERVED
CVE-2020-11128
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11127
RESERVED
CVE-2020-11126
@@ -16020,20 +16021,25 @@ CVE-2020-11123
RESERVED
CVE-2020-11122
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11121
RESERVED
CVE-2020-11120
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11119
RESERVED
CVE-2020-11118
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11117
RESERVED
CVE-2020-11116
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11115
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11114
RESERVED
CVE-2020-5291 (Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode a ...)
@@ -35484,6 +35490,7 @@ CVE-2020-3676 (Possible memory corruption in perfservice due to improper validat
NOT-FOR-US: Snapdragon
CVE-2020-3675
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-3674
RESERVED
CVE-2020-3673
@@ -35496,12 +35503,16 @@ CVE-2020-3670
RESERVED
CVE-2020-3669
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-3668
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-3667
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-3666
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-3665 (A possible buffer overflow would occur while processing command from f ...)
NOT-FOR-US: Snapdragon
CVE-2020-3664
@@ -35546,14 +35557,17 @@ CVE-2020-3645 (Firmware will hit assert in WLAN firmware If encrypted data lengt
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3644
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-3643
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-3642 (Use after free issue in camera applications when used randomly over mu ...)
NOT-FOR-US: Snapdragon
CVE-2020-3641 (Integer overflow may occur if atom size is less than atom offset as th ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3640
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-3639
RESERVED
CVE-2020-3638
@@ -35562,6 +35576,7 @@ CVE-2020-3637
RESERVED
CVE-2020-3636
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-3635 (Stack based overflow If the maximum number of arguments allowed per re ...)
NOT-FOR-US: Snapdragon
CVE-2020-3634
@@ -35586,6 +35601,7 @@ CVE-2020-3625 (When making query to DSP capabilities, Stack out of bounds occurs
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3624
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-3623 (kernel failure due to load failures while running v1 path directly via ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3622
@@ -35596,6 +35612,7 @@ CVE-2020-3620
RESERVED
CVE-2020-3619
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-3618 (NULL exception due to accessing bad pointer while posting events on RT ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3617
@@ -35612,6 +35629,7 @@ CVE-2020-3612
RESERVED
CVE-2020-3611
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-3610 (Possibility of double free of the drawobj that is added to the drawque ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-19864
@@ -47320,32 +47338,48 @@ CVE-2020-0261
RESERVED
CVE-2020-0260
RESERVED
+ NOT-FOR-US: Mediatek components for Android
CVE-2020-0259
RESERVED
+ NOT-FOR-US: Android
CVE-2020-0258
RESERVED
+ NOT-FOR-US: Android
CVE-2020-0257
RESERVED
+ NOT-FOR-US: Android
CVE-2020-0256
RESERVED
+ NOT-FOR-US: Android
CVE-2020-0255
RESERVED
+ - linux <unfixed>
+ NOTE: https://android.googlesource.com/kernel/common/+/fb73974172ff
+ NOTE: https://source.android.com/security/bulletin/2020-08-01
CVE-2020-0254
RESERVED
+ NOT-FOR-US: Mediatek components for Android
CVE-2020-0253
RESERVED
+ NOT-FOR-US: Mediatek components for Android
CVE-2020-0252
RESERVED
+ NOT-FOR-US: Mediatek components for Android
CVE-2020-0251
RESERVED
+ NOT-FOR-US: Mediatek components for Android
CVE-2020-0250
RESERVED
+ NOT-FOR-US: Android
CVE-2020-0249
RESERVED
+ NOT-FOR-US: Android
CVE-2020-0248
RESERVED
+ NOT-FOR-US: Android
CVE-2020-0247
RESERVED
+ NOT-FOR-US: Android
CVE-2020-0246
RESERVED
CVE-2020-0245
@@ -47354,16 +47388,22 @@ CVE-2020-0244
RESERVED
CVE-2020-0243
RESERVED
+ NOT-FOR-US: Android media framework
CVE-2020-0242
RESERVED
+ NOT-FOR-US: Android media framework
CVE-2020-0241
RESERVED
+ NOT-FOR-US: Android media framework
CVE-2020-0240
RESERVED
+ NOT-FOR-US: Android
CVE-2020-0239
RESERVED
+ NOT-FOR-US: Android
CVE-2020-0238
RESERVED
+ NOT-FOR-US: Android
CVE-2020-0237
RESERVED
CVE-2020-0236
@@ -47641,6 +47681,7 @@ CVE-2020-0109 (In simulatePackageSuspendBroadcast of NotificationManagerService.
NOT-FOR-US: Android
CVE-2020-0108
RESERVED
+ NOT-FOR-US: Android
CVE-2020-0107 (In getUiccCardsInfo of PhoneInterfaceManager.java, there is a possible ...)
NOT-FOR-US: Android
CVE-2020-0106 (In getCellLocation of PhoneInterfaceManager.java, there is a possible ...)
@@ -60431,6 +60472,7 @@ CVE-2019-14120
RESERVED
CVE-2019-14119
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-14118
RESERVED
CVE-2019-14117
@@ -60439,6 +60481,7 @@ CVE-2019-14116 (Privilege escalation by using an altered debug policy image can
NOT-FOR-US: Snapdragon
CVE-2019-14115
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-14114 (Buffer overflow in WLAN firmware while parsing GTK IE containing GTK k ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14113 (Buffer overflow can occur in In WLAN firmware while unwraping data usi ...)
@@ -60491,6 +60534,7 @@ CVE-2019-14090
RESERVED
CVE-2019-14089
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-14088 (Possible use after free issue while CRM is accessing the link pointer ...)
NOT-FOR-US: Snapdragon
CVE-2019-14087 (Failure in buffer management while accessing handle for HDR blit when ...)
@@ -60539,6 +60583,7 @@ CVE-2019-14066 (Integer overflow in calculating estimated output buffer size whe
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14065
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-14064
RESERVED
CVE-2019-14063 (Out of bound access due to Invalid inputs to dapm mux settings which r ...)
@@ -60557,6 +60602,7 @@ CVE-2019-14057 (Buffer Over read of codec private data while parsing an mkv file
NOT-FOR-US: Snapdragon
CVE-2019-14056
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-14055 (Possibility of use-after-free and double free because of not marking b ...)
NOT-FOR-US: Snapdragon
CVE-2019-14054 (Improper permissions in XBL_SEC region enable user to update XBL_SEC c ...)
@@ -60565,6 +60611,7 @@ CVE-2019-14053 (When attempting to create a new XFRM policy, a stack out-of-boun
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14052
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-14051 (Subsequent additions performed during Module loading while allocating ...)
NOT-FOR-US: Snapdragon
CVE-2019-14050 (Out-of-bound writes occurs due to lack of check of buffer size will ca ...)
@@ -60619,6 +60666,7 @@ CVE-2019-14026 (Possible buffer overflow in WLAN WMI handler due to lack of ssid
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14025
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-14024 (Possible stack-use-after-scope issue in NFC usecase for card emulation ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14023 (String format issue will occur while processing HLOS data as there is ...)
@@ -60671,8 +60719,10 @@ CVE-2019-14000 (Lack of check that the RX FIFO write index that is read from sha
NOT-FOR-US: Qualcomm components for Android
CVE-2019-13999
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-13998
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-13997
RESERVED
CVE-2019-13996
@@ -71260,6 +71310,7 @@ CVE-2019-10616 (Possibility of null pointer access if the SPDM commands are exec
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10615
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-10614 (Out of boundary access is possible as there is no validation of data a ...)
NOT-FOR-US: Snapdragon
CVE-2019-10613
@@ -71366,6 +71417,7 @@ CVE-2019-10563 (Buffer over-read can occur in fast message handler due to improp
NOT-FOR-US: Snapdragon
CVE-2019-10562
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-10561 (Improper initialization of local variables which are parameters to sfs ...)
NOT-FOR-US: Snapdragon
CVE-2019-10560
@@ -116367,6 +116419,7 @@ CVE-2018-13904 (Improper input validation in SCM handler to access storage in TZ
NOT-FOR-US: Qualcomm components for Android
CVE-2018-13903
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-13902 (Out of bounds memory read and access due to improper array index valid ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-13901 (Due to missing permissions in Android Manifest file, Sensitive informa ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f028460af993393e1a1396a65f5ad1b9b9582e8
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f028460af993393e1a1396a65f5ad1b9b9582e8
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200805/7fe55580/attachment.html>
More information about the debian-security-tracker-commits
mailing list