Google Inc Android vulnerabilities

CVE-2017-13258 [HIGH] CWE-125 CVE-2017-13258: In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds che In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67863755.

CVE-2017-13253 [HIGH] CWE-787 CVE-2017-13253: In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a missi In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-71389378.

CVE-2017-6424 [HIGH] CVE-2017-6424: An elevation of privilege vulnerability in the Qualcomm WiFi driver. Product: Android. Versions: And An elevation of privilege vulnerability in the Qualcomm WiFi driver. Product: Android. Versions: Android kernel. Android ID: A-32086742. References: QC-CR#1102648.

CVE-2017-13251 [HIGH] CWE-787 CVE-2017-13251: In impeg2d_dec_pic_data_thread of impeg2d_dec_hdr.c, there is a possible out of bounds write due to In impeg2d_dec_pic_data_thread of impeg2d_dec_hdr.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege when running multi threaded with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8

CVE-2017-13306 [HIGH] CVE-2017-13306: A elevation of privilege vulnerability in the Upstream kernel mnh driver. Product: Android. Versions A elevation of privilege vulnerability in the Upstream kernel mnh driver. Product: Android. Versions: Android kernel. Android ID: A-70295063.

CVE-2017-13299 [HIGH] CVE-2017-13299: A other vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0. A other vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70897394.

CVE-2015-9015 [HIGH] CWE-264 CVE-2015-9015: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Vers An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714120.

CVE-2017-13277 [HIGH] CWE-787 CVE-2017-13277: In ihevcd_fmt_conv of ihevcd_fmt_conv.c, there is a possible out of bounds write due to a missing bo In ihevcd_fmt_conv of ihevcd_fmt_conv.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-72165027.

CVE-2017-13300 [HIGH] CWE-20 CVE-2017-13300: A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versio A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 6.0, 6.0.1. Android ID: A-71567394.

CVE-2017-13278 [HIGH] CWE-416 CVE-2017-13278: In MediaPlayerService::Client::notify of MediaPlayerService.cpp, there is a possible use after free. In MediaPlayerService::Client::notify of MediaPlayerService.cpp, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70546581.

CVE-2017-13259 [HIGH] CWE-125 CVE-2017-13259: In functionality implemented in sdp_discovery.cc, there are possible out of bounds reads due to miss In functionality implemented in sdp_discovery.cc, there are possible out of bounds reads due to missing bounds checks. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID:

CVE-2016-10232 [HIGH] CWE-264 CVE-2016-10232: An elevation of privilege vulnerability in the Qualcomm video driver. Product: Android. Versions: An An elevation of privilege vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-34386696. References: QC-CR#1024872.

CVE-2017-13302 [HIGH] CWE-20 CVE-2017-13302: A denial of service vulnerability in the Android system (system ui). Product: Android. Versions: 8.0 A denial of service vulnerability in the Android system (system ui). Product: Android. Versions: 8.0. Android ID: A-69969749.

CVE-2017-13297 [MEDIUM] CWE-200 CVE-2017-13297: A information disclosure vulnerability in the Android media framework (libhevc). Product: Android. V A information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71766721.

CVE-2017-13268 [MEDIUM] CWE-200 CVE-2017-13268: A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67058064.

CVE-2017-13279 [MEDIUM] CWE-834 CVE-2017-13279: In M3UParser::parse of M3UParser.cpp, there is a memory resource exhaustion due to a large loop of p In M3UParser::parse of M3UParser.cpp, there is a memory resource exhaustion due to a large loop of pushing items into a vector. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-683

CVE-2017-13290 [MEDIUM] CWE-125 CVE-2017-13290: In sdp_server_handle_client_req of sdp_server.cc, there is an out of bounds read due to a missing bo In sdp_server_handle_client_req of sdp_server.cc, there is an out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69384124.

CVE-2017-13257 [MEDIUM] CWE-416 CVE-2017-13257: In bta_pan_data_buf_ind_cback of bta_pan_act.cc there is a use after free that can result in an out In bta_pan_data_buf_ind_cback of bta_pan_act.cc there is a use after free that can result in an out of bounds read of memory allocated via malloc. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0,

CVE-2017-13262 [MEDIUM] CWE-125 CVE-2017-13262: In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing length dec In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing length decrement operation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID:

CVE-2017-13304 [MEDIUM] CWE-200 CVE-2017-13304: A information disclosure vulnerability in the Upstream kernel mnh_sm driver. Product: Android. Versi A information disclosure vulnerability in the Upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-70576999.