[Git][security-tracker-team/security-tracker][master] Android NFUs
Moritz Muehlenhoff
jmm at debian.org
Thu Mar 5 11:15:22 GMT 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
108b7daa by Moritz Muehlenhoff at 2020-03-05T12:15:03+01:00
Android NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -18855,6 +18855,7 @@ CVE-2020-2312
RESERVED
CVE-2020-2311
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-2310
RESERVED
CVE-2020-2309
@@ -18877,6 +18878,7 @@ CVE-2020-2301
RESERVED
CVE-2020-2300
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-2299
RESERVED
CVE-2020-2298
@@ -27144,6 +27146,7 @@ CVE-2020-0070
RESERVED
CVE-2020-0069
RESERVED
+ NOT-FOR-US: Mediatek components for Android
CVE-2020-0068
RESERVED
CVE-2020-0067
@@ -27216,37 +27219,51 @@ CVE-2020-0045
NOT-FOR-US: Android
CVE-2020-0044
RESERVED
+ NOT-FOR-US: FPC components for Android
CVE-2020-0043
RESERVED
+ NOT-FOR-US: FPC components for Android
CVE-2020-0042
RESERVED
+ NOT-FOR-US: FPC components for Android
CVE-2020-0041
RESERVED
CVE-2020-0040
RESERVED
CVE-2020-0039
RESERVED
+ NOT-FOR-US: Android
CVE-2020-0038
RESERVED
+ NOT-FOR-US: Android
CVE-2020-0037
RESERVED
+ NOT-FOR-US: Android
CVE-2020-0036
RESERVED
+ NOT-FOR-US: Android
CVE-2020-0035
RESERVED
+ NOT-FOR-US: Android
CVE-2020-0034
RESERVED
+ - libvpx <unfixed>
+ NOTE: https://android.googlesource.com/platform/external/libvpx/+/30d0c20d0d04151530de62df3937de27c4f204fd
CVE-2020-0033
RESERVED
+ NOT-FOR-US: Android media framework
CVE-2020-0032
RESERVED
+ NOT-FOR-US: Android media framework
CVE-2020-0031
RESERVED
+ NOT-FOR-US: Android
CVE-2020-0030 (In binder_thread_release of binder.c, there is a possible use after fr ...)
- linux 4.15.11-1
NOTE: Fixed by: https://git.kernel.org/linus/5eeb2ca02a2f6084fc57ae5c244a38baab07033a
CVE-2020-0029
RESERVED
+ NOT-FOR-US: Android
CVE-2020-0028 (In notifyNetworkTested and related functions of NetworkMonitor.java, t ...)
NOT-FOR-US: Android
CVE-2020-0027 (In HidRawSensor::batch of HidRawSensor.cpp, there is a possible out of ...)
@@ -27281,10 +27298,13 @@ CVE-2020-0013
RESERVED
CVE-2020-0012
RESERVED
+ NOT-FOR-US: FPC components for Android
CVE-2020-0011
RESERVED
+ NOT-FOR-US: FPC components for Android
CVE-2020-0010
RESERVED
+ NOT-FOR-US: FPC components for Android
CVE-2020-0009 (In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write ...)
- linux <unfixed>
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1949
@@ -39787,12 +39807,15 @@ CVE-2019-14099
RESERVED
CVE-2019-14098
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-14097
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-14096
RESERVED
CVE-2019-14095
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-14094
RESERVED
CVE-2019-14093
@@ -39811,20 +39834,26 @@ CVE-2019-14087
RESERVED
CVE-2019-14086
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-14085
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-14084
RESERVED
CVE-2019-14083
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-14082
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-14081
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-14080
RESERVED
CVE-2019-14079
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-14078
RESERVED
CVE-2019-14077
@@ -39839,14 +39868,17 @@ CVE-2019-14073
RESERVED
CVE-2019-14072
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-14071
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-14070
RESERVED
CVE-2019-14069
RESERVED
CVE-2019-14068
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-14067
RESERVED
CVE-2019-14066
@@ -39861,6 +39893,7 @@ CVE-2019-14062
RESERVED
CVE-2019-14061
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-14060 (Uninitialized stack data gets used If memory is not allocated for blob ...)
NOT-FOR-US: Snapdragon
CVE-2019-14059
@@ -39883,16 +39916,19 @@ CVE-2019-14051 (Subsequent additions performed during Module loading while alloc
NOT-FOR-US: Snapdragon
CVE-2019-14050
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-14049 (Stage-2 fault will occur while writing to an ION system allocation whi ...)
NOT-FOR-US: Snapdragon
CVE-2019-14048
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-14047
RESERVED
CVE-2019-14046 (Out of bound access while allocating memory for an array in camera due ...)
NOT-FOR-US: Snapdragon
CVE-2019-14045
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-14044 (Out of bound access due to access of uninitialized memory segment in a ...)
NOT-FOR-US: Snapdragon
CVE-2019-14043
@@ -39919,18 +39955,25 @@ CVE-2019-14033
RESERVED
CVE-2019-14032
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-14031
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-14030
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-14029
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-14028
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-14027
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-14026
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-14025
RESERVED
CVE-2019-14024 (Possible stack-use-after-scope issue in NFC usecase for card emulation ...)
@@ -39953,6 +39996,7 @@ CVE-2019-14016 (Integer overflow occurs while playing the clip which is nonstand
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14015
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-14014 (Possible buffer overflow when byte array receives incorrect input from ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14013 (While parsing invalid super index table, elements within super index t ...)
@@ -39983,6 +40027,7 @@ CVE-2019-14001
RESERVED
CVE-2019-14000
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-13999
RESERVED
CVE-2019-13998
@@ -50503,6 +50548,7 @@ CVE-2019-10617 (Low privilege users can access service configuration which conta
NOT-FOR-US: Qualcomm
CVE-2019-10616
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-10615
RESERVED
CVE-2019-10614 (Out of boundary access is possible as there is no validation of data a ...)
@@ -50511,6 +50557,7 @@ CVE-2019-10613
RESERVED
CVE-2019-10612
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-10611 (Buffer overflow can occur while processing clip due to lack of check o ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10610
@@ -50527,8 +50574,10 @@ CVE-2019-10605 (Buffer overwrite can occur in IEEE80211 header filling function
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10604
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-10603
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-10602 (Potential use-after-free heap error during Validate/Present calls on d ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10601 (Out of bound access can occur while processing firmware event due to l ...)
@@ -50547,12 +50596,15 @@ CVE-2019-10595 (Possible buffer overwrite in message handler due to lack of vali
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10594
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-10593
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-10592 (Possible integer overflow while multiplying two integers of 32 bit in ...)
NOT-FOR-US: Snapdragon
CVE-2019-10591
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-10590 (Out of bound access while parsing dts atom, which is non-standard as i ...)
NOT-FOR-US: Snapdragon
CVE-2019-10589
@@ -50561,8 +50613,10 @@ CVE-2019-10588
RESERVED
CVE-2019-10587
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-10586
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-10585 (Possible integer overflow happens when mmap find function will increme ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10584 (Possibility of out of bound access in debug queue, if packet size fiel ...)
@@ -50581,6 +50635,7 @@ CVE-2019-10578 (Null pointer dereference can occur while parsing the clip which
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10577
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-10576
RESERVED
CVE-2019-10575
@@ -50597,6 +50652,7 @@ CVE-2019-10570
RESERVED
CVE-2019-10569
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-10568
RESERVED
CVE-2019-10567 (There is a way to deceive the GPU kernel driver into thinking there is ...)
@@ -50627,22 +50683,28 @@ CVE-2019-10555 (Buffer overflow can occur due to usage of wrong datatype and mis
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10554
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-10553
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-10552
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-10551
RESERVED
CVE-2019-10550
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-10549
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-10548 (While trying to obtain datad ipc handle during DPL initialization, Hea ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10547
RESERVED
CVE-2019-10546
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-10545 (Null pointer dereference issue in kernel due to missing check related ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10544 (Improper length check on source buffer to handle userspace data receiv ...)
@@ -50683,6 +50745,7 @@ CVE-2019-10527
RESERVED
CVE-2019-10526
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-10525 (Buffer overflow during SIB read when network configures complete sib l ...)
NOT-FOR-US: Snapdragon
CVE-2019-10524 (Lack of check for a negative value returned for get_clk is wrongly int ...)
@@ -74289,6 +74352,7 @@ CVE-2019-2318 (Non Secure Kernel can cause Trustzone to do an arbitrary memory r
NOT-FOR-US: Snapdragon
CVE-2019-2317
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-2316 (When computing the digest a local variable is used after going out of ...)
NOT-FOR-US: Snapdragon
CVE-2019-2315 (While invoking the API to copy from fd or local buffer to the secure b ...)
@@ -74569,6 +74633,7 @@ CVE-2019-2195 (In tokenize of sqlite3_android.cpp, there is a possible attacker
NOT-FOR-US: Android
CVE-2019-2194
RESERVED
+ NOT-FOR-US: Android
CVE-2019-2193 (In WelcomeActivity.java and related files, there is a possible permiss ...)
NOT-FOR-US: Android
CVE-2019-2192 (In call of SliceProvider.java, there is a possible permissions bypass ...)
@@ -100806,6 +100871,7 @@ CVE-2018-11839
RESERVED
CVE-2018-11838
RESERVED
+ NOT-FOR-US: Qualcomm components for AndroidC
CVE-2018-11837
RESERVED
CVE-2018-11836 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/108b7daa6cb40f5dd12ec10d0af2176ca81a0484
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/108b7daa6cb40f5dd12ec10d0af2176ca81a0484
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200305/38805d6b/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list