# android_vuln_poc-exp

**Repository Path**: SomeMirrors/android_vuln_poc-exp

## Basic Information

- **Project Name**: android_vuln_poc-exp
- **Description**: [Mirror] https://github.com/jiayy/android_vuln_poc-exp
- **Primary Language**: Unknown
- **License**: Not specified
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2024-04-12
- **Last Updated**: 2024-04-12

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

# Exploits 

CVE Number | Feature | Device 
---------- | ------- | ------
[CVE-2023-26083](./android/EXP-CVE-2023-26083/README.md) | mali driver  | android
[CVE-2023-20963](./android/CVE-2023-20963) | WorkSource parcel/unparcel  | android
[CVE-2023-27703](./android/CVE-2023-27703) | pikpak apk  | android
[CVE-2023-33768](./android/CVE-2023-33768) | Incorrect signature verification of the firmware  | Belkin Wemo Smart Plug WSP080
[CVE-2023-35671](./android/CVE-2023-35671) | Android App Pin security issue exposes payment cards in Google Wallet to unauthorized payments  | android
[CVE-2023-45777](./android/CVE-2023-45777) | bad Parcel  | android
[CVE-2023-50226](./android/CVE-2023-50226) | Parallels Desktop  | macos
[CVE-2024-21626](./linux/CVE-2024-21626) | docker runc escape vuln  | docker 
[CVE-2024-0684](./linux/CVE-2024-0684) | A vulnerability in the GNU coreutils "split" program  | ubuntu 
[CVE-2015-5165](./android/EXP-2015-5165/readme.md) &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;  | qemu | ubuntu 
[CVE-2015-7504](./android/EXP-2015-7504/readme.md) &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;  | qemu | ubuntu 
[CVE-2016-3935](./android/EXP-CVE-2016-3935/readme.md) &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;  | msm crypto driver | nexus 6p 
[CVE-2016-0844](./android/EXP-CVE-2016-0844) | msm ipa driver | nexus 6p 
[CVE-2016-6038](./android/EXP-CVE-2016-6738/readme.md) | msm crypto driver | nexus 6p 
[CVE-2016-2411](./android/EXP-CVE-2016-2411/readme.md) | Qualcomm Power Management driver | nexus 5x 
[CVE-2016-2434](./android/EXP-CVE-2016-2434/readme.md) | NVIDIA video driver |nexus 9
[CVE-2016-2435](./android/EXP-CVE-2016-2435/readme.md) | NVIDIA video driver |nexus 9 
[CVE-2016-3857](./android/EXP-CVE-2016-3857/readme.md) | linux kernel |nexus 7 
[CVE-2016-2384](./android/EXP-CVE-2016-2384) | double-free in USB MIDI driver |linux pc
[CVE-2016-9793](./android/EXP-CVE-2016-9793)| signedness issue with SO\_SNDBUFFORCE and SO\_RCVBUFFORCE socket options |linux pc
[CVE-2017-6074](./android/EXP-CVE-2017-6074)| double-free in DCCP protocol |linux pc
[CVE-2017-7308](./android/EXP-CVE-2017-7308)| signedness issue in AF\_PACKET sockets |linux pc
[CVE-2017-1000112](./android/EXP-CVE-2017-1000112)| memory corruption due to UFO to non-UFO path switch |linux pc
[CVE-2018-17182](./android/EXP-CVE-2018-17182) | cache invalidation bug in linux|linux pc
[CVE-2018-18281](./android/EXP-CVE-2018-18281) | uaf caused by TLB late flush|pixel2
[CVE-2019-13272](./android/EXP-CVE-2019-13272) | PTRACE_TRACEME local root on x86-64 | ubuntu 
[CVE-2019-13272](./android/EXP-CVE-2019-13272-aarch64) | PTRACE_TRACEME local root on aarch64 | ubuntu 

# Vulnerabilities Discovered By Me (mostly)

## Google

CVE Number | Feature | Keywords | Bulletin 
---------- | ------- | -------- | ------
[CVE-2016-0805](./android/CVE-2016-0805/readme.md) &nbsp; &nbsp; &nbsp;  | perf_event_open | Buffer Overflow, OOB | Android bulletin 2016-02
[CVE-2016-0844](./android/CVE-2016-0844/readme.md) | msm ipa driver | Array Overflow, OOB | Android bulletin 2016-04
[CVE-2016-3869](./android/CVE-2016-3869/readme.md) | bcmdhd driver | Array Overflow, OOB | Android bulletin 2016-09
[CVE-2016-3865](./android/CVE-2016-3865/readme.md) | touchscreen driver | Stack Overflow, OOB | Android bulletin 2016-09
[CVE-2016-3866](./android/cve-2016-3866/readme.md) | msm sound driver | Buffer Overflow, OOB | Android bulletin 2016-09
[CVE-2016-3867](./android/CVE-2016-3867/readme.md) | msm ipa driver | Race Heap Overflow | Android bulletin 2016-09
[CVE-2016-3935](./android/cve-2016-3935/readme.md) | msm crypto driver | Integer Overflow | Android bulletin 2016-10
[CVE-2016-5195](./android/cve-2016-5195/readme.md) |  |  | 
[CVE-2016-6690](./android/cve-2016-6690/readme.md) | msm sound driver | Arbitrary Address Write | Android bulletin 2016-10
[CVE-2016-3901](./android/cve-2016-3901/readme.md) | msm crypto driver | Heap Overflow | Android bulletin 2016-10
[CVE-2016-3940](./android/cve-2016-3940/readme.md) | touchscreen driver | Stack Overflow, OOB | Android bulletin 2016-10
[CVE-2016-6672](./android/cve-2016-6672/readme.md) | touchscreen driver | Stack Overflow, OOB | Android bulletin 2016-10
[CVE-2016-6738](./android/CVE-2016-6738/readme.md) | msm crypto driver | Arbitrary Address Write | Android bulletin 2016-11
[CVE-2016-3906](./android/CVE-2016-3906/readme.md) | msm core driver | Info Leak | Android bulletin 2016-11
[CVE-2016-6725](./android/CVE-2016-6725/readme.md) | qcom crypto driver | Integer Overflow | Android bulletin 2016-11
[CVE-2016-6740](./android/CVE-2016-6740/readme.md) | msm camera driver | Stack Overflow | Android bulletin 2016-11
[CVE-2016-6741](./android/CVE-2016-6741/readme.md) | msm camera driver | Stack Overflow | Android bulletin 2016-11
[CVE-2016-6742](./android/CVE-2016-6742/readme.md) | touchscreen driver | Heap Overflow | Android bulletin 2016-11
[CVE-2016-6744](./android/CVE-2016-6744/readme.md) | touchscreen driver | Stack Overflow | Android bulletin 2016-11
[CVE-2016-6745](./android/CVE-2016-6745/readme.md) | touchscreen driver | Race Heap Overflow | Android bulletin 2016-11
[CVE-2016-8464](./android/CVE-2016-8464/readme.md) | bcmdhd driver | Heap Overflow, OOB | Android bulletin 2017-01
[CVE-2017-0434](./android/CVE-2017-0434/readme.md) | Synaptics touchscreen driver | Race Condition UAF | Android bulletin 2017-02
[CVE-2017-0446](./android/CVE-2017-0446/readme.md) | htc touchscreen driver | Race Condition UAF | Android bulletin 2017-02
[CVE-2017-0447](./android/CVE-2017-0447/readme.md) | htc touchscreen driver | Race Condition UAF | Android bulletin 2017-02
[CVE-2017-0432](./android/CVE-2017-0432/readme.md) | mtk driver | Array Overflow, OOB | Android bulletin 2017-02
[CVE-2017-0524](./android/CVE-2017-0524/readme.md) | htc touchscreen driver | Race Condition UAF | Android bulletin 2017-03
[CVE-2017-0536](./android/CVE-2017-0536/readme.md) | Synaptics touchscreen driver | Info Leak | Android bulletin 2017-03
[CVE-2017-0329](./android/CVE-2017-0329/readme.md) | tegra driver | Buffer Overflow, OOB | Android bulletin 2017-04
[CVE-2017-6426](./android/CVE-2017-6426/readme.md) | Qualcomm SPMI driver | Info Leak | Android bulletin 2017-04
[CVE-2017-0332](./android/CVE-2017-0332/readme.md) | tegra crypto driver | Buffer Overflow, OOB | Android bulletin 2017-04
[CVE-2016-10285](.android//CVE-2016-10285/readme.md) | msm mdss driver | Info Leak | Android bulletin 2017-05
[CVE-2016-10288](.android//CVE-2016-10288/readme.md) | qcom led driver | UAF | Android bulletin 2017-05
[CVE-2016-10290](.android//CVE-2016-10290/readme.md) | qcom sharedmem driver | Race Condition UAF | Android bulletin 2017-05
[CVE-2017-0624](./android/CVE-2017-0624/readme.md) | qcom wlan driver | Race Condition UAF | Android bulletin 2017-05
[CVE-2016-10294](.android//CVE-2016-10294/readme.md) | qcom power management driver | Race Condition infoleak | Android bulletin 2017-05
[CVE-2016-10295](.android//CVE-2016-10295/readme.md) | qcom led driver | Race Condition infoleak | Android bulletin 2017-05
[CVE-2016-10296](.android//CVE-2016-10296/readme.md) | qcom sharedmem driver | Race Condition infoleak | Android bulletin 2017-05
[CVE-2017-8243](./android/CVE-2017-8243/readme.md) | qcom soc driver | Buffer Overflow, OOB | Android bulletin 2017-07
[CVE-2017-8266](./android/CVE-2017-8266/readme.md) | msm video driver  | Race Condition UAF | Android bulletin 2017-07
[CVE-2017-8270](./android/CVE-2017-8270/readme.md) | msm wlan driver | Race Condition UAF | Android bulletin 2017-07
[CVE-2017-0744](./android/CVE-2017-0744/readme.md) | tegra sound driver | Buffer Overflow, OOB | Android bulletin 2017-08
[CVE-2017-9691](./android/CVE-2017-9691/readme.md) | MobiCore driver | Race Condition Info Leak | Android bulletin 2017-08
[CVE-2017-10997](.android//CVE-2017-10997/readme.md) | msm pci driver | Buffer Overflow, OOB | Android bulletin 2017-09
[CVE-2017-8244](./android/CVE-2017-8244/readme.md) | msm vidc debugfs driver | Buffer Overflow, OOB | Android bulletin 2017-12
[CVE-2017-18153](https://source.android.com/security/overview/acknowledgements?hl=en) | N | OOB | Android bulletin 2018-05
[CVE-2018-11302](https://source.android.com/security/bulletin/pixel/2019-09-01) | N | OOB | Android bulletin 2019-09
[cve-2018-5855](https://source.android.com/security/overview/acknowledgements?hl=en) | N | OOB | Android bulletin 2019-04
[cve-2018-11905](https://source.android.com/security/overview/acknowledgements?hl=en) | N | OOB | Android bulletin 2019-04
[CVE-2018-11825](https://source.android.com/security/overview/release-acknowledgements?hl=en) | N | OOB | Android release acknowledgements 
[CVE-2018-13890](https://source.android.com/security/overview/release-acknowledgements?hl=en) | N | OOB | Android release acknowledgements 
[CVE-2019-2299](https://source.android.com/security/overview/release-acknowledgements?hl=en) | N | OOB | Android release acknowledgements 
[CVE-2019-2302](https://source.android.com/security/overview/release-acknowledgements?hl=en) | N | OOB | Android release acknowledgements 
[CVE-2019-2312](https://source.android.com/security/overview/release-acknowledgements?hl=en) | N | OOB | Android release acknowledgements 
[CVE-2019-2314](https://source.android.com/security/overview/release-acknowledgements?hl=en) | N | OOB | Android release acknowledgements 
[CVE-2019-9248](https://source.android.com/security/overview/release-acknowledgements?hl=en) | N | OOB | Android release acknowledgements 
[CVE-2019-9386](https://source.android.com/security/overview/release-acknowledgements?hl=en) | N | OOB | Android release acknowledgements 
[CVE-2019-9448](https://source.android.com/security/overview/release-acknowledgements?hl=en) | N | OOB | Android release acknowledgements 
[CVE-2019-9449](https://source.android.com/security/overview/release-acknowledgements?hl=en) | N | OOB | Android release acknowledgements 
[CVE-2019-9450](https://source.android.com/security/overview/release-acknowledgements?hl=en) | N | OOB | Android release acknowledgements 
[CVE-2019-9451](https://source.android.com/security/overview/release-acknowledgements?hl=en) | N | OOB | Android release acknowledgements 
[CVE-2019-9452](https://source.android.com/security/overview/release-acknowledgements?hl=en) | N | OOB | Android release acknowledgements 
[CVE-2019-10506](https://source.android.com/security/overview/release-acknowledgements?hl=en) | N | OOB | Android release acknowledgements 
[CVE-2017-14888](https://source.android.com/security/overview/release-acknowledgements?hl=en) | N | OOB | Android release acknowledgements 
[CVE-2018-11302](https://source.android.com/security/overview/release-acknowledgements?hl=en) | N | OOB | Android release acknowledgements 
[CVE-2019-10542](https://source.android.com/security/overview/release-acknowledgements?hl=en) | N | OOB | Android release acknowledgements 
[cve-2019-2206](https://source.android.com/security/overview/acknowledgements?hl=en) | N | OOB | Android bulletin 2019-11
[cve-2019-2297](https://source.android.com/security/overview/acknowledgements?hl=en) | N | OOB | Android bulletin 2019-10
[cve-2019-10566](https://source.android.com/security/overview/acknowledgements?hl=en) | N | OOB | Android bulletin 2019-10
[CVE-2019-10584](https://source.android.com/security/overview/acknowledgements?hl=en) | N | OOB | Android bulletin 2020-03
[CVE-2020-0055](https://source.android.com/security/overview/acknowledgements?hl=en) | N | OOB | Android bulletin 2020-03
[CVE-2020-0056](https://source.android.com/security/overview/acknowledgements?hl=en) | N | OOB | Android bulletin 2020-03
[CVE-2020-0057](https://source.android.com/security/overview/acknowledgements?hl=en) | N | OOB | Android bulletin 2020-03
[CVE-2020-0058](https://source.android.com/security/overview/acknowledgements?hl=en) | N | OOB | Android bulletin 2020-03
[CVE-2020-0059](https://source.android.com/security/overview/acknowledgements?hl=en) | N | OOB | Android bulletin 2020-03
[CVE-2020-0005](https://source.android.com/security/overview/acknowledgements?hl=en) | N | OOB | Android bulletin 2020-02


## Qualcomm

CVE Number | Feature | Keywords | Bulletin 
--------------- | ------- | -------- | ------
[cve-2019-10584](https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=f1057f82fa62cca8315ea0fbb713fe1e92a409a8) &nbsp; &nbsp; &nbsp; | video | overread | [201912 Qual Bulletin](https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin)
[cve-2019-10563](https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=468ffaac90d93623bbc2f8f6743c4e4e0b9a53f5) | wlan host | Buffer Overflow | [201910 Qual Bulletin](https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin)
[cve-2019-2302](https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=9c2c22372f35c5e9fdea4962f02083f879226400) | wlan host | Buffer Overflow | [201910 Qual Bulletin](https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin)
[cve-2019-10542](https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=20b956dbc8b19d719dbe6ca3bfde781e6f64be49) | wlan host | Buffer Overflow | [201909 Qual Bulletin](https://www.qualcomm.com/company/product-security/bulletins/september-2019-bulletin)
[cve-2019-2312](https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=9f1a091072339a33382c36a0e55df75a9621d1c3) | wlan host | Buffer Overflow | [201907 Qual Bulletin](https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin)
[cve-2019-2314](https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=95bfa6cf89482c795e54ce4ee026ef068c9495c7) | display | uaf | [201907 Qual Bulletin](https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin)
[cve-2018-5883](https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=a67fee043d7459b1c09033b4ca24c41fab5ea4a9) | wlan host | Buffer Overflow | [201905 Qual Bulletin](https://www.codeaurora.org/security-bulletin/2019/05/06/may-2019-code-aurora-security-bulletin)
[cve-2018-5911](https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=ea2fc6eef2c742467f0322d0ff0fc7ba6c917f66) | wlan host | Buffer Overflow | [201905 Qual Bulletin](https://www.codeaurora.org/security-bulletin/2019/05/06/may-2019-code-aurora-security-bulletin)
[cve-2018-11905](https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=0cdcf0409bdad7ed91c11d7715c89acc2e521e96) | dsp | Buffer Overflow | [201904 Qual Bulletin](https://www.codeaurora.org/security-bulletin/2019/04/01/april-2019-code-aurora-security-bulletin)
[cve-2018-11293](https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=6fb7ac8d49631cdd09dbe72669d1a660dfce3bdb) | N | Overflow | [201809 Qual Bulletin](https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin)
[cve-2018-11297](https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=c708606086490ca9b8fc1077f18782891a595ba9) | wlan host | Buffer Overflow | [201809 Qual Bulletin](https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin)
[cve-2018-11302](https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=4178ed2227bbc48d4313bc4e7d604d2813c0d9f4) | wlan host | Buffer Overflow | [201809 Qual Bulletin](https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin)
[cve-2018-11886](https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=cc0e6489d67d3fc7b196cf6806a7a5edcff33a88) | wlan host | Buffer Overflow | [201809 Qual Bulletin](https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin)
[CVE-2018-3577](https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=cf1c43ce8840021d2907afaa6c514e6971d7ebac) | wlan host | Integer Overflow toBuffer Overflow | [201807 Qual Bulletin](https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin)
[CVE-2018-5830](https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=129e76e0ea923b319555f37ea601dfb974a06bfe) | wlan host | Improper Restriction of Operations within the Bounds of a Memory Buffer | [201807 Qual Bulletin](https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin)
[CVE-2018-5864](https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=9c042f7827e0d21e5b93c04b418bca0230de91dc) | wlan host | Improper Restriction of Operations within the Bounds of a Memory Buffer | [201807 Qual Bulletin](https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin)
[CVE-2018-5855](https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn/commit/?id=61f4a467177afc23bdc1944ec61e52bed156c104) | wlan host | buffer over-read | [201807 Qual Bulletin](https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin)
[CVE-2017-14883](https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=3de34af4e2ca91e1a2260deb380b81620a631c85) | wlan host | Integer Over flow | [201805 Qual Bulletin](https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2)
[CVE-2017-14884](https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=0ce15ef4075719a82858b7324690be7011cab832) | wlan host |　Buffer Copy without Checking Size of Input in WLAN |[201805 Qual Bulletin](https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2)
[CVE-2017-14888](https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=d50dfd647b2396d2e2c05b7aee84d831e4a18d68) | wlan host |　Buffer Copy without Checking Size of Input in WLAN |[201805 Qual Bulletin](https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2)
[CVE-2017-15832](https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=2b087bc5d5bdc18f9bc75148bd8b176a676b910a) | wlan host | Buffer Overwrite | [201805 Qual Bulletin](https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2)
[CVE-2017-15854](https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=aef5f626a7454844cc695a827cb87f89b37501e7) | wlan host | Integer Overflow | [201805 Qual Bulletin](https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2)
[CVE-2017-18070](https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=dc6c24b0a660d643c90a9cede1be4bdd44509b3e) | wlan host | Integer Overflow | [201805 Qual Bulletin](https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2)
[CVE-2018-3565](https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=ab91234d52984a86a836561578c8ab85cf0b5f2f) | wlan host | Buffer Copy without Checking Size of Input in WLAN |[201805 Qual Bulletin](https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2)
[CVE-2018-5851](https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=103f385783f368cc5cd3c125390e6dfd43c36096) | wlan host |  Improper Validation of Array Index |[201805 Qual Bulletin](https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2)
[CVE-2017-14890](https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=234e14add09a1ba4a1b1d81d474ac3978dc94fd6) | wlan host | Improper Validation of Array Index in WLAN | [201804 Qual Bulletin](https://www.codeaurora.org/security-bulletin/2018/04/25/april-2018-code-aurora-security-bulletin)
[CVE-2017-14894](https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=dfca3d8173c1548a97e558cb8abd1ffd2483f8b7) | wlan host | Improper Validation of Array Index in WLAN | [201804 Qual Bulletin](https://www.codeaurora.org/security-bulletin/2018/04/25/april-2018-code-aurora-security-bulletin)
[CVE-2017-15836](https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=058e1eef2b1422bc0dd70f73832f1ac8a3dbe806) | wlan host | Integer Overflow | [201804 Qual Bulletin](https://www.codeaurora.org/security-bulletin/2018/04/25/april-2018-code-aurora-security-bulletin)
[CVE-2018-3566](https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=11868230d4fe79f76eae30c742b4c68c2899caea) | wlan host | Buffer Copy without Checking Size of Input in WLAN | [201804 Qual Bulletin](https://www.codeaurora.org/security-bulletin/2018/04/25/april-2018-code-aurora-security-bulletin)
[CVE-2018-3567](https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=f2627fca43bc4403a445c2b84481383ac0249364) | wlan host | Buffer Copy without Checking Size of Input in WLAN | [201804 Qual Bulletin](https://www.codeaurora.org/security-bulletin/2018/04/25/april-2018-code-aurora-security-bulletin)
[CVE-2018-3568](https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=70cd30a5c1fdd02af19cf0e34c41842cce89a82d) | wlan host |Buffer Copy without Checking Size of Input in WLAN | [201804 Qual Bulletin](https://www.codeaurora.org/security-bulletin/2018/04/25/april-2018-code-aurora-security-bulletin)
[CVE-2018-5828](https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=6299a6bf166a60a47e9108ae2119027e787432d0) | wlan host | Improper Restriction of Operations within the Bounds of a Memory Buffer in WLAN | [201804 Qual Bulletin](https://www.codeaurora.org/security-bulletin/2018/04/25/april-2018-code-aurora-security-bulletin)
[CVE-2017-11082](https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=92dae57979d8efc7656338f729d50a9e6dc8e8d8) | wlan host | Buffer Copy without Checking Size of Input in WLAN | [201803 Qual Bulletin](https://www.codeaurora.org/security-bulletin/2018/03/29/march-2018-code-aurora-security-bulletin)
[CVE-2017-18148](https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=0095fe909e259525e093650cf799ceecf4ec3447) | display | Buffer Overflow | [201803 Qual Bulletin](https://www.codeaurora.org/security-bulletin/2018/03/29/march-2018-code-aurora-security-bulletin)
[CVE-2017-14885](https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=44e992e169dbd601f95e845961cb2181b167a553) | wlan host | Integer Overflow to Buffer Overflow in WLAN |[201803 Qual Bulletin](https://www.codeaurora.org/security-bulletin/2018/03/29/march-2018-code-aurora-security-bulletin)
[CVE-2017-14887](https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=4ce28e7c85f89e2c3555ec840b6adda47bd5dab0) | wlan host | Buffer Copy without Checking Size of Input in WLAN | [201803 Qual Bulletin](https://www.codeaurora.org/security-bulletin/2018/03/29/march-2018-code-aurora-security-bulletin)
[CVE-2017-14889](https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=e11e9dc8298dc0632050cacce96e9652d017f755) | wlan host | Improper Input Validation in WLAN | [201803 Qual Bulletin](https://www.codeaurora.org/security-bulletin/2018/03/29/march-2018-code-aurora-security-bulletin)
[CVE-2017-15821](https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=44cd589c8a0f5a245e0003a7d0c4be1b5f3ba890) | wlan host | Improper Input Validation in WLAN | [201803 Qual Bulletin](https://www.codeaurora.org/security-bulletin/2018/03/29/march-2018-code-aurora-security-bulletin)
[CVE-2017-15830](https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=8a7a2a9c5d203e3395811963061c79d3bc257ebe) | wlan host | Improper Validation of Array Index in WLAN | [201803 Qual Bulletin](https://www.codeaurora.org/security-bulletin/2018/03/29/march-2018-code-aurora-security-bulletin)
[CVE-2017-15831](https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=31e6a657320e4299c659e3d57d38a89afe8c1ce1) | wlan host |  Integer Overflow | [201803 Qual Bulletin](https://www.codeaurora.org/security-bulletin/2018/03/29/march-2018-code-aurora-security-bulletin)
[CVE-2017-18150](https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=401dce7cfdfea999a5209e52371beca9423452b7) | touch | Possible heap overwrite in touchscreen driver | [201803 Qual Bulletin](https://www.codeaurora.org/security-bulletin/2018/03/29/march-2018-code-aurora-security-bulletin)
[CVE-2017-9723](https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e83ebd2098009b0d336ffab11e00f739902bd5d9) | Touch | Buffer Overflow | [201802 Qual Bulletin](https://www.codeaurora.org/security-bulletin/2018/02/16/february-2018-code-aurora-security-bulletin)
[CVE-2017-15823](https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=49c1ce19c8a4689c33e6e8f17ab77d77fae6ff93) | wlan host | Improper Input Validation in WLAN |[201802 Qual Bulletin](https://www.codeaurora.org/security-bulletin/2018/02/16/february-2018-code-aurora-security-bulletin)
[CVE-2017-11030](https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=2be7caec635de9fcf0d2145f858635e9366f0f4f) | mdss hdmi driver | Use of Out-of-range Pointer Offset in Display | [201712 Qual bulletin](https://www.codeaurora.org/security-bulletin/2017/12/14/december-2017-security-bulletin) 
[CVE-2017-11033](https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=b54141365805ae1a5254bff5442e1a103d3701d0) | coresight-tmc driver | UAF | [201712 Qual bulletin](https://www.codeaurora.org/security-bulletin/2017/12/14/december-2017-security-bulletin) 
[CVE-2017-9722](https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=ab0ae43628cff92d10792b762667ddfaf243d796) | mdss hdmi | Buffer Overflow | [201712 Qual bulletin](https://www.codeaurora.org/security-bulletin/2017/12/14/december-2017-security-bulletin) 
[CVE-2016-5863](https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=daf0acd54a6a80de227baef9a06285e4aa5f8c93) | hidev driver | Array Overflow | [201710 Qual bulletin](https://www.codeaurora.org/security-bulletin/2017/10/20/october-2017-v1) 
[CVE-2017-6421](https://www.codeaurora.org/gitweb/quic/la/?p=kernel/msm-4.4.git;a=commit;h=be42c7ff1f0396484882451fd18f47144c8f1b6b) |  touch controller driver | Buffer Overflow | [201710 Qual bulletin](https://www.codeaurora.org/security-bulletin/2017/10/20/october-2017-v1) 
[CVE-2017-8257](https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=0f19fbd00c6679bbc524f7a6d0fc3d54cfd1c9ae) |  sde_rotator  driver | UAF | [201710 Qual bulletin](https://www.codeaurora.org/security-bulletin/2017/10/20/october-2017-v1) 


## Huawei

CVE Number | Type | Bulletin 
---------- | ------- | ------
[CVE-2015-8223](http://www.huawei.com/en/psirt/security-advisories/hw-460489) | Dos | huawei advisories 2015-11
[CVE-2015-8679](http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20160105-01-smartphone-cn) | Dos | huawei advisories 2016-02
[CVE-2015-8678](http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20160105-01-smartphone-cn) | Dos | huawei advisories 2016-02
[CVE-2016-8768](http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20161026-01-pxn-cn/) | Elevation of privilege | huawei advisories 2016-10
[CVE-2015-7740](http://www.huawei.com/cn/psirt/security-advisories/2015/hw-460487) | Dos | huawei advisories 2015-11
[CVE-2015-8225](http://www.huawei.com/cn/psirt/security-advisories/2015/hw-465531) | Dos | huawei advisories 2015-12
[CVE-2015-8226](http://www.huawei.com/cn/psirt/security-advisories/2015/hw-465531) | Dos | huawei advisories 2015-12
[CVE-2017-0509](http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161214-02-smartphone-en) | Elevation of privilege | huawei advisories 2016-12