Vulnerabilites related to google - nexus_7
Vulnerability from fkie_nvd
Published
2019-06-06 20:29
Modified
2024-11-21 04:23
Severity ?
Summary
Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mi | mi_5s_plus_firmware | - | |
| mi | mi_5s_plus | - | |
| sony | xperia_z4_firmware | - | |
| sony | xperia_z4 | - | |
| samsung | galaxy_s6_edge_firmware | - | |
| samsung | galaxy_s6_edge | - | |
| samsung | galaxy_s4_firmware | - | |
| samsung | galaxy_s4 | - | |
| nexus_7_firmware | - | ||
| nexus_7 | - | ||
| nexus_9_firmware | - | ||
| nexus_9 | - | ||
| sharp | aquos_zeta_sh-04f_firmware | - | |
| sharp | aquos_zeta_sh-04f | - | |
| fujitsu | arrows_nx_f05-f_firmware | - | |
| fujitsu | arrows_nx_f05-f | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:mi:mi_5s_plus_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "F0D0C125-DF98-4616-9957-16F9F4A37DFA", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mi:mi_5s_plus:-:*:*:*:*:*:*:*", matchCriteriaId: "C2C8D05B-B851-41BD-A0C7-ED4B47A4CAA1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sony:xperia_z4_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "2BE6C7CA-1A0A-46D1-8807-476E8014F5C0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sony:xperia_z4:-:*:*:*:*:*:*:*", matchCriteriaId: "AB52A381-4094-483C-BC6F-01E81BB2D3C3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:samsung:galaxy_s6_edge_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "B7D8A184-3F01-49A1-98BE-B735296383B1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:samsung:galaxy_s6_edge:-:*:*:*:*:*:*:*", matchCriteriaId: "64C60E27-871F-4B77-87A5-9F9F20DCA2D3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:samsung:galaxy_s4_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "5612A23E-43B3-4B13-89C1-6178C1737DAB", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:samsung:galaxy_s4:-:*:*:*:*:*:*:*", matchCriteriaId: "717D895C-E64D-4E0E-9F4A-9B191E6388B6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:nexus_7_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "183D2632-2F2A-4B17-9617-92509C31B702", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:google:nexus_7:-:*:*:*:*:*:*:*", matchCriteriaId: "12357E84-6FAE-4C6B-8FD3-BD5457DBBBCE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:nexus_9_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "852FB43E-072C-4C96-ABEF-6F15E4F3C0F3", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:google:nexus_9:-:*:*:*:*:*:*:*", matchCriteriaId: "1018566D-5DBE-44BD-BA05-1F6A6375C32F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sharp:aquos_zeta_sh-04f_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "16E64A2E-16CB-4301-8A7C-F3765EF2B7BE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sharp:aquos_zeta_sh-04f:-:*:*:*:*:*:*:*", matchCriteriaId: "2D5DC700-E8CB-4A19-B704-5384ED7D3697", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:arrows_nx_f05-f_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "5CDA25A7-839A-4870-8DE6-D2B0D2405F37", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:arrows_nx_f05-f:-:*:*:*:*:*:*:*", matchCriteriaId: "99C8B1DE-1EA8-405F-9D4E-5F6D96F4B6D4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch.", }, { lang: "es", value: "Los dispositivos Xiaomi Mi 5s Plus permiten a los atacantes desencadenar anomalías de la pantalla táctil a través de una señal de radio entre 198 kHz y 203 kHz, como lo demuestra un transmisor y una antena ocultos justo debajo de la superficie de una mesa de cafetería, también conocida como Ghost Touch.", }, ], id: "CVE-2019-12762", lastModified: "2024-11-21T04:23:31.383", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 1.9, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "PHYSICAL", availabilityImpact: "NONE", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 0.5, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-06-06T20:29:02.807", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://hackercombat.com/nfc-vulnerability-may-promote-ghost-screen-taps/", }, { source: "cve@mitre.org", url: "https://medium.com/%40juliodellaflora/ghost-touch-on-xiaomi-mi5s-plus-707998308607", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://hackercombat.com/nfc-vulnerability-may-promote-ghost-screen-taps/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://medium.com/%40juliodellaflora/ghost-touch-on-xiaomi-mi5s-plus-707998308607", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-08-06 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
arch/arm/mm/dma-mapping.c in the Linux kernel before 3.13 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not prevent executable DMA mappings, which might allow local users to gain privileges via a crafted application, aka Android internal bug 28803642 and Qualcomm internal bug CR642735.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "9F95E1BD-CF7F-4FE7-A0A5-A342E6C36FB9", versionEndIncluding: "3.12.9", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:google:nexus_5:-:*:*:*:*:*:*:*", matchCriteriaId: "25DB8689-116F-49B5-91F5-BCBA8854BD42", vulnerable: false, }, { criteria: "cpe:2.3:h:google:nexus_7:-:*:*:*:*:*:*:*", matchCriteriaId: "12357E84-6FAE-4C6B-8FD3-BD5457DBBBCE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "arch/arm/mm/dma-mapping.c in the Linux kernel before 3.13 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not prevent executable DMA mappings, which might allow local users to gain privileges via a crafted application, aka Android internal bug 28803642 and Qualcomm internal bug CR642735.", }, { lang: "es", value: "arch/arm/mm/dma-mapping.c en el kernel de Linux en versiones anteriores 3.13 en las plataformas ARM, como se utiliza en Android en versiones anteriores a 2016-08-05 en dispositivos Nexus 5 y 7 (2013), no impide asignaciones DMA ejecutables, lo que permite a usuarios locales obtener privilegios a través de una aplicacion manipulada, también conocido como error interno de Android 28803642 y error interno de Qualcomm CR642735.", }, ], id: "CVE-2014-9888", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-08-06T10:59:31.293", references: [ { source: "security@android.com", url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0ea1ec713f04bdfac343c9702b21cd3a7c711826", }, { source: "security@android.com", tags: [ "Mitigation", "Vendor Advisory", ], url: "http://source.android.com/security/bulletin/2016-08-01.html", }, { source: "security@android.com", url: "http://www.securityfocus.com/bid/92219", }, { source: "security@android.com", tags: [ "Patch", ], url: "https://github.com/torvalds/linux/commit/0ea1ec713f04bdfac343c9702b21cd3a7c711826", }, { source: "security@android.com", url: "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=f044936caab337a4384fbfe64a4cbae33c7e22a1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0ea1ec713f04bdfac343c9702b21cd3a7c711826", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "http://source.android.com/security/bulletin/2016-08-01.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/92219", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/torvalds/linux/commit/0ea1ec713f04bdfac343c9702b21cd3a7c711826", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=f044936caab337a4384fbfe64a4cbae33c7e22a1", }, ], sourceIdentifier: "security@android.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-06-13 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to bypass intended data-access restrictions via a crafted application, aka internal bug 27777162.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@android.com | http://source.android.com/security/bulletin/2016-06-01.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://source.android.com/security/bulletin/2016-06-01.html | Patch, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:google:nexus_7:-:*:*:*:*:*:*:*", matchCriteriaId: "12357E84-6FAE-4C6B-8FD3-BD5457DBBBCE", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", matchCriteriaId: "E70C6D8D-C9C3-4D92-8DFC-71F59E068295", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", matchCriteriaId: "691FA41B-C2CE-413F-ABB1-0B22CB322807", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to bypass intended data-access restrictions via a crafted application, aka internal bug 27777162.", }, { lang: "es", value: "El controlador Wi-Fi Qualcomm en Android en versiones anteriores a 2016-06-01 en dispositivos Nexus 7 (2013) permite a atacantes eludir las restricciones destinadas al acceso de datos a través de una aplicación manipulada, también conocida como error interno 27777162.", }, ], id: "CVE-2016-2498", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-06-13T01:59:36.517", references: [ { source: "security@android.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://source.android.com/security/bulletin/2016-06-01.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://source.android.com/security/bulletin/2016-06-01.html", }, ], sourceIdentifier: "security@android.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2016-2498
Vulnerability from cvelistv5
Published
2016-06-13 01:00
Modified
2024-08-05 23:32
Severity ?
EPSS score ?
Summary
The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to bypass intended data-access restrictions via a crafted application, aka internal bug 27777162.
References
| ▼ | URL | Tags |
|---|---|---|
| http://source.android.com/security/bulletin/2016-06-01.html | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:32:20.242Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://source.android.com/security/bulletin/2016-06-01.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-06-06T00:00:00", descriptions: [ { lang: "en", value: "The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to bypass intended data-access restrictions via a crafted application, aka internal bug 27777162.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-06-13T01:57:01", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://source.android.com/security/bulletin/2016-06-01.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@android.com", ID: "CVE-2016-2498", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to bypass intended data-access restrictions via a crafted application, aka internal bug 27777162.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://source.android.com/security/bulletin/2016-06-01.html", refsource: "CONFIRM", url: "http://source.android.com/security/bulletin/2016-06-01.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2016-2498", datePublished: "2016-06-13T01:00:00", dateReserved: "2016-02-18T00:00:00", dateUpdated: "2024-08-05T23:32:20.242Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-9888
Vulnerability from cvelistv5
Published
2016-08-06 10:00
Modified
2024-08-06 14:02
Severity ?
EPSS score ?
Summary
arch/arm/mm/dma-mapping.c in the Linux kernel before 3.13 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not prevent executable DMA mappings, which might allow local users to gain privileges via a crafted application, aka Android internal bug 28803642 and Qualcomm internal bug CR642735.
References
| ▼ | URL | Tags |
|---|---|---|
| http://source.android.com/security/bulletin/2016-08-01.html | x_refsource_CONFIRM | |
| https://github.com/torvalds/linux/commit/0ea1ec713f04bdfac343c9702b21cd3a7c711826 | x_refsource_CONFIRM | |
| http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0ea1ec713f04bdfac343c9702b21cd3a7c711826 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/92219 | vdb-entry, x_refsource_BID | |
| https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=f044936caab337a4384fbfe64a4cbae33c7e22a1 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T14:02:36.640Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://source.android.com/security/bulletin/2016-08-01.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/0ea1ec713f04bdfac343c9702b21cd3a7c711826", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0ea1ec713f04bdfac343c9702b21cd3a7c711826", }, { name: "92219", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/92219", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=f044936caab337a4384fbfe64a4cbae33c7e22a1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-08-01T00:00:00", descriptions: [ { lang: "en", value: "arch/arm/mm/dma-mapping.c in the Linux kernel before 3.13 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not prevent executable DMA mappings, which might allow local users to gain privileges via a crafted application, aka Android internal bug 28803642 and Qualcomm internal bug CR642735.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-25T19:57:01", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://source.android.com/security/bulletin/2016-08-01.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/torvalds/linux/commit/0ea1ec713f04bdfac343c9702b21cd3a7c711826", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0ea1ec713f04bdfac343c9702b21cd3a7c711826", }, { name: "92219", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/92219", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=f044936caab337a4384fbfe64a4cbae33c7e22a1", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@android.com", ID: "CVE-2014-9888", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "arch/arm/mm/dma-mapping.c in the Linux kernel before 3.13 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not prevent executable DMA mappings, which might allow local users to gain privileges via a crafted application, aka Android internal bug 28803642 and Qualcomm internal bug CR642735.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://source.android.com/security/bulletin/2016-08-01.html", refsource: "CONFIRM", url: "http://source.android.com/security/bulletin/2016-08-01.html", }, { name: "https://github.com/torvalds/linux/commit/0ea1ec713f04bdfac343c9702b21cd3a7c711826", refsource: "CONFIRM", url: "https://github.com/torvalds/linux/commit/0ea1ec713f04bdfac343c9702b21cd3a7c711826", }, { name: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0ea1ec713f04bdfac343c9702b21cd3a7c711826", refsource: "CONFIRM", url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0ea1ec713f04bdfac343c9702b21cd3a7c711826", }, { name: "92219", refsource: "BID", url: "http://www.securityfocus.com/bid/92219", }, { name: "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=f044936caab337a4384fbfe64a4cbae33c7e22a1", refsource: "CONFIRM", url: "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=f044936caab337a4384fbfe64a4cbae33c7e22a1", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2014-9888", datePublished: "2016-08-06T10:00:00", dateReserved: "2016-06-24T00:00:00", dateUpdated: "2024-08-06T14:02:36.640Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-12762
Vulnerability from cvelistv5
Published
2019-06-06 19:45
Modified
2024-08-04 23:32
Severity ?
EPSS score ?
Summary
Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch.
References
| ▼ | URL | Tags |
|---|---|---|
| https://medium.com/%40juliodellaflora/ghost-touch-on-xiaomi-mi5s-plus-707998308607 | x_refsource_MISC | |
| https://hackercombat.com/nfc-vulnerability-may-promote-ghost-screen-taps/ | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:32:54.710Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://medium.com/%40juliodellaflora/ghost-touch-on-xiaomi-mi5s-plus-707998308607", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://hackercombat.com/nfc-vulnerability-may-promote-ghost-screen-taps/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-06-06T19:45:22", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://medium.com/%40juliodellaflora/ghost-touch-on-xiaomi-mi5s-plus-707998308607", }, { tags: [ "x_refsource_MISC", ], url: "https://hackercombat.com/nfc-vulnerability-may-promote-ghost-screen-taps/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-12762", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://medium.com/@juliodellaflora/ghost-touch-on-xiaomi-mi5s-plus-707998308607", refsource: "MISC", url: "https://medium.com/@juliodellaflora/ghost-touch-on-xiaomi-mi5s-plus-707998308607", }, { name: "https://hackercombat.com/nfc-vulnerability-may-promote-ghost-screen-taps/", refsource: "MISC", url: "https://hackercombat.com/nfc-vulnerability-may-promote-ghost-screen-taps/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-12762", datePublished: "2019-06-06T19:45:22", dateReserved: "2019-06-06T00:00:00", dateUpdated: "2024-08-04T23:32:54.710Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-3186
Vulnerability from cvelistv5
Published
2014-09-28 10:00
Modified
2024-08-06 10:35
Severity ?
EPSS score ?
Summary
Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T10:35:57.054Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[oss-security] 20140911 Re: Multiple Linux USB driver CVE assignment", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2014/09/11/22", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/844817e47eef14141cf59b8d5ac08dd11c0a9189", }, { name: "USN-2377-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2377-1", }, { name: "SUSE-SU-2015:0481", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html", }, { name: "USN-2378-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2378-1", }, { name: "openSUSE-SU-2015:0566", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1141407", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=844817e47eef14141cf59b8d5ac08dd11c0a9189", }, { name: "69763", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/69763", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://code.google.com/p/google-security-research/issues/detail?id=101", }, { name: "USN-2379-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2379-1", }, { name: "USN-2376-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2376-1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-09-11T00:00:00", descriptions: [ { lang: "en", value: "Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2015-05-12T18:57:00", orgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", shortName: "Chrome", }, references: [ { name: "[oss-security] 20140911 Re: Multiple Linux USB driver CVE assignment", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2014/09/11/22", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/torvalds/linux/commit/844817e47eef14141cf59b8d5ac08dd11c0a9189", }, { name: "USN-2377-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2377-1", }, { name: "SUSE-SU-2015:0481", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html", }, { name: "USN-2378-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2378-1", }, { name: "openSUSE-SU-2015:0566", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1141407", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=844817e47eef14141cf59b8d5ac08dd11c0a9189", }, { name: "69763", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/69763", }, { tags: [ "x_refsource_MISC", ], url: "https://code.google.com/p/google-security-research/issues/detail?id=101", }, { name: "USN-2379-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2379-1", }, { name: "USN-2376-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2376-1", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@google.com", ID: "CVE-2014-3186", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[oss-security] 20140911 Re: Multiple Linux USB driver CVE assignment", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2014/09/11/22", }, { name: "https://github.com/torvalds/linux/commit/844817e47eef14141cf59b8d5ac08dd11c0a9189", refsource: "CONFIRM", url: "https://github.com/torvalds/linux/commit/844817e47eef14141cf59b8d5ac08dd11c0a9189", }, { name: "USN-2377-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2377-1", }, { name: "SUSE-SU-2015:0481", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html", }, { name: "USN-2378-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2378-1", }, { name: "openSUSE-SU-2015:0566", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1141407", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1141407", }, { name: "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=844817e47eef14141cf59b8d5ac08dd11c0a9189", refsource: "CONFIRM", url: "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=844817e47eef14141cf59b8d5ac08dd11c0a9189", }, { name: "69763", refsource: "BID", url: "http://www.securityfocus.com/bid/69763", }, { name: "https://code.google.com/p/google-security-research/issues/detail?id=101", refsource: "MISC", url: "https://code.google.com/p/google-security-research/issues/detail?id=101", }, { name: "USN-2379-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2379-1", }, { name: "USN-2376-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2376-1", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", assignerShortName: "Chrome", cveId: "CVE-2014-3186", datePublished: "2014-09-28T10:00:00", dateReserved: "2014-05-03T00:00:00", dateUpdated: "2024-08-06T10:35:57.054Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }