The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Android OS

vulnerability alert CVE-2019-2024

Linux kernel: use after free via em28xx_dvb_fini

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via em28xx_dvb_fini() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Android OS, Linux, openSUSE Leap, RSA Authentication Manager, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 27/03/2019.
Identifiers: CERTFR-2019-AVI-131, CVE-2019-2024, DLA-1799-1, DLA-1799-2, DSA-2019-093, openSUSE-SU-2019:1085-1, openSUSE-SU-2019:1193-1, SUSE-SU-2019:0765-1, SUSE-SU-2019:0767-1, SUSE-SU-2019:0801-1, SUSE-SU-2019:0828-1, SUSE-SU-2019:0901-1, VIGILANCE-VUL-28871.


computer vulnerability alert CVE-2018-5383

Bluetooth Firmware: information disclosure via Weak Elliptic Curve Parameters

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Weak Elliptic Curve Parameters of Bluetooth Firmware, in order to obtain sensitive information.
Impacted products: iOS by Apple, iPhone, Mac OS X, Debian, Android OS, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading.
Provenance: radio connection.
Creation date: 19/02/2019.
Identifiers: CERTFR-2019-AVI-188, CVE-2018-5383, DLA-1747-1, HT208848, HT208849, HT208937, HT209139, openSUSE-SU-2019:0275-1, SUSE-SU-2019:0422-1, SUSE-SU-2019:0427-1, SUSE-SU-2019:0427-2, SUSE-SU-2019:0466-1, VIGILANCE-VUL-28536.


vulnerability note CVE-2018-9568

Linux kernel: memory corruption via sk_clone_lock

Synthesis of the vulnerability

An attacker can trigger a memory corruption via sk_clone_lock() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Android OS, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 18/01/2019.
Identifiers: CERTFR-2019-AVI-038, CERTFR-2019-AVI-042, CERTFR-2019-AVI-044, CERTFR-2019-AVI-051, CERTFR-2019-AVI-071, CERTFR-2019-AVI-112, CERTFR-2019-AVI-114, CERTFR-2019-AVI-233, CVE-2018-9568, openSUSE-SU-2019:0065-1, openSUSE-SU-2019:0140-1, RHSA-2019:0512-01, RHSA-2019:0514-01, SUSE-SU-2019:0148-1, SUSE-SU-2019:0196-1, SUSE-SU-2019:0222-1, SUSE-SU-2019:0224-1, SUSE-SU-2019:0320-1, SUSE-SU-2019:0439-1, SUSE-SU-2019:0541-1, SUSE-SU-2019:1289-1, SUSE-SU-2019:13937-1, SUSE-SU-2019:13979-1, USN-3880-1, USN-3880-2, VIGILANCE-VUL-28304.


computer vulnerability bulletin CVE-2018-18281

Linux kernel: information disclosure via mremap

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via mremap() of the Linux kernel, in order to obtain sensitive information.
Impacted products: Debian, Android OS, Linux, openSUSE Leap, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 29/10/2018.
Identifiers: 1695, 1798863, CERTFR-2018-AVI-541, CERTFR-2018-AVI-581, CERTFR-2018-AVI-583, CERTFR-2019-AVI-019, CERTFR-2019-AVI-035, CERTFR-2019-AVI-038, CERTFR-2019-AVI-041, CERTFR-2019-AVI-042, CERTFR-2019-AVI-044, CERTFR-2019-AVI-071, CERTFR-2019-AVI-183, CERTFR-2019-AVI-233, CVE-2018-18281, DLA-1715-1, DLA-1731-1, DLA-1731-2, openSUSE-SU-2018:3817-1, openSUSE-SU-2018:4133-1, RHSA-2019:0831-01, SSA:2019-030-01, SUSE-SU-2018:3689-1, SUSE-SU-2018:3746-1, SUSE-SU-2018:3773-1, SUSE-SU-2018:4069-1, SUSE-SU-2019:0095-1, SUSE-SU-2019:0222-1, SUSE-SU-2019:0224-1, SUSE-SU-2019:0439-1, SUSE-SU-2019:1289-1, SUSE-SU-2019:13937-1, USN-3832-1, USN-3835-1, USN-3871-1, USN-3871-2, USN-3871-3, USN-3871-4, USN-3871-5, USN-3880-1, USN-3880-2, VIGILANCE-VUL-27638.


vulnerability alert CVE-2018-9518

Linux kernel: buffer overflow via nfc_llcp_build_sdreq_tlv

Synthesis of the vulnerability

An attacker can generate a buffer overflow via nfc_llcp_build_sdreq_tlv() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Android OS, Linux, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: document.
Creation date: 23/10/2018.
Identifiers: CERTFR-2018-AVI-508, CVE-2018-9518, USN-3798-1, USN-3798-2, VIGILANCE-VUL-27601.


vulnerability CVE-2017-0794

Linux kernel: memory corruption via SCSI Driver

Synthesis of the vulnerability

An attacker can generate a memory corruption via SCSI Driver of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Android OS, Linux, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: user shell.
Creation date: 23/10/2018.
Identifiers: CERTFR-2018-AVI-508, CVE-2017-0794, USN-3798-1, USN-3798-2, VIGILANCE-VUL-27600.


vulnerability alert CVE-2018-9516

Linux kernel: buffer overflow via hid-debug.c

Synthesis of the vulnerability

An attacker can generate a buffer overflow via hid-debug.c of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Android OS, Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 02/10/2018.
Identifiers: CERTFR-2018-AVI-538, CERTFR-2018-AVI-541, CERTFR-2019-AVI-019, CERTFR-2019-AVI-035, CERTFR-2019-AVI-038, CERTFR-2019-AVI-041, CERTFR-2019-AVI-071, CERTFR-2019-AVI-233, CVE-2018-9516, DLA-1529-1, DLA-1531-1, DSA-4308-1, openSUSE-SU-2018:3817-1, SUSE-SU-2018:3659-1, SUSE-SU-2018:3689-1, SUSE-SU-2018:3746-1, SUSE-SU-2018:3773-1, SUSE-SU-2019:0095-1, SUSE-SU-2019:0439-1, SUSE-SU-2019:1289-1, SUSE-SU-2019:13937-1, USN-3871-1, USN-3871-2, USN-3871-3, USN-3871-4, USN-3871-5, VIGILANCE-VUL-27371.


computer vulnerability announce CVE-2018-17182

Linux kernel: information disclosure via vmacache_flush_all

Synthesis of the vulnerability

A local attacker can read a memory fragment via vmacache_flush_all() of the Linux kernel, in order to obtain sensitive information.
Impacted products: Debian, Fedora, Android OS, Linux, openSUSE Leap, RHEL, SIMATIC, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 19/09/2018.
Identifiers: CERTFR-2018-AVI-462, CERTFR-2018-AVI-472, CERTFR-2018-AVI-480, CERTFR-2018-AVI-490, CERTFR-2018-AVI-508, CERTFR-2018-AVI-538, CERTFR-2019-AVI-019, CVE-2018-17182, DLA-1529-1, DLA-1531-1, DSA-4308-1, FEDORA-2018-d77cc41f35, FEDORA-2018-e820fccd83, openSUSE-SU-2018:3071-1, openSUSE-SU-2018:3202-1, RHSA-2018:3656-01, SSA:2018-264-01, SSB-439005, SUSE-SU-2018:3032-1, SUSE-SU-2018:3083-1, SUSE-SU-2018:3084-1, SUSE-SU-2018:3100-1, SUSE-SU-2018:3159-1, SUSE-SU-2018:3659-1, SUSE-SU-2019:0095-1, USN-3776-1, USN-3776-2, USN-3777-1, USN-3777-2, USN-3777-3, VIGILANCE-VUL-27257.


vulnerability alert CVE-2017-13168

Linux kernel: privilege escalation via Generic SCSI Driver

Synthesis of the vulnerability

An attacker can bypass restrictions via the Generic SCSI Driver of the Linux kernel, in order to escalate their privileges.
Impacted products: Android OS, Linux, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, data reading.
Provenance: user shell.
Creation date: 24/08/2018.
Identifiers: CERTFR-2018-AVI-408, CERTFR-2018-AVI-557, CVE-2017-13168, USN-3753-1, USN-3753-2, USN-3820-1, USN-3820-2, USN-3820-3, USN-3822-1, USN-3822-2, VIGILANCE-VUL-27071.


vulnerability CVE-2018-9415

Linux kernel: use after free via AMBA

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via AMBA of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Android OS, Linux, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: user shell.
Creation date: 24/08/2018.
Identifiers: CERTFR-2018-AVI-408, CERTFR-2018-AVI-413, CVE-2018-9415, SUSE-SU-2018:1366-1, USN-3752-1, USN-3752-2, USN-3752-3, VIGILANCE-VUL-27070.
