On Lenovo VIBE mobile phones, the Idea Friend Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3750.

On Lenovo VIBE mobile phones, improper access controls on the nac_server component can be abused in conjunction with CVE-2017-3749 and CVE-2017-3750 to elevate privileges to the root user (commonly known as 'rooting' or "jail breaking" a device).

The MessageStatusReceiver service in the AndroidManifest.XML in Android 5.1.1 and earlier allows local users to alter sent/received statuses of SMS and MMS messages without the associated "WRITE_SMS" permission.

In all Android releases from CAF using the Linux kernel, a race condition exists in a QTEE driver potentially leading to an arbitrary memory write.

In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a WLAN function due to an incorrect message length.

In all Android releases from CAF using the Linux kernel, a kernel driver has an off-by-one buffer over-read vulnerability.

In all Android releases from CAF using the Linux kernel, userspace-controlled parameters for flash initialization are not sanitized potentially leading to exposure of kernel memory.

In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a camera function.

In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists while loading a firmware image.

In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in an IPA driver.

In all Android releases from CAF using the Linux kernel, a memory structure in a camera driver is not properly protected.

In all Android releases from CAF using the Linux kernel, an out of bounds access can potentially occur in a camera function.

In a camera driver function in all Android releases from CAF using the Linux kernel, a bounds check is missing when writing into an array potentially leading to an out-of-bounds heap write.

In all Android releases from CAF using the Linux kernel, a double free vulnerability exists in a display driver.

In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to buffer overflow or write to arbitrary pointer location.

In all Android releases from CAF using the Linux kernel, a data pointer is potentially used after it has been freed when SLIMbus is turned off by Bluetooth.

In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition.

In all Android releases from CAF using the Linux kernel, an array index in an ALSA routine is not properly validating potentially leading to kernel stack corruption.

In all Android releases from CAF using the Linux kernel, a race condition potentially exists in the ioctl handler of a sound driver.

In all Android releases from CAF using the Linux kernel, an integer underflow vulnerability exists while processing the boot image.