Google Inc Android vulnerabilities

CVE-2017-0651 [MEDIUM] CWE-200 CVE-2017-0651: An information disclosure vulnerability in the kernel ION subsystem could enable a local malicious a An information disclosure vulnerability in the kernel ION subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-35644815.

CVE-2017-0643 [MEDIUM] CVE-2017-0643: A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-35645051.

CVE-2017-0644 [MEDIUM] CVE-2017-0644: A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1. Android ID: A-35472997.

CVE-2017-0639 [MEDIUM] CWE-200 CVE-2017-0639: An information disclosure vulnerability in Bluetooth component could enable a local malicious applic An information disclosure vulnerability in Bluetooth component could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.

CVE-2017-0613 [HIGH] CWE-20 CVE-2017-0613: An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator dr An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Andro

CVE-2017-0593 [HIGH] CWE-732 CVE-2017-0593: An elevation of privilege vulnerability in the Framework APIs could enable a local malicious applica An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to obtain access to custom permissions. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Andr

CVE-2017-0591 [HIGH] CWE-119 CVE-2017-0591: A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a spec A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0

CVE-2017-0610 [HIGH] CWE-754 CVE-2017-0610: An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399404. References: QC-CR

CVE-2016-10284 [HIGH] CWE-264 CVE-2016-10284: An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32402303. References: QC-

CVE-2017-0606 [HIGH] CVE-2017-0606: An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34088848. References: QC-CR#1116015

CVE-2017-0620 [HIGH] CWE-20 CVE-2017-0620: An elevation of privilege vulnerability in the Qualcomm Secure Channel Manager driver could enable a An elevation of privilege vulnerability in the Qualcomm Secure Channel Manager driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35401052.

CVE-2017-0607 [HIGH] CWE-704 CVE-2017-0607: An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-35400551. References: QC-CR#1085928.

CVE-2017-0614 [HIGH] CWE-120 CVE-2017-0614: An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator dr An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Andr

CVE-2017-0465 [HIGH] CWE-120 CVE-2017-0465: An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver could enable a local maliciou An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34112914. References: QC

CVE-2017-0622 [HIGH] CWE-755 CVE-2017-0622: An elevation of privilege vulnerability in the Goodix touchscreen driver could enable a local malici An elevation of privilege vulnerability in the Goodix touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32749036. References: QC-CR#1098602

CVE-2017-0608 [HIGH] CWE-787 CVE-2017-0608: An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35400458. References: QC-CR

CVE-2016-10282 [HIGH] CWE-264 CVE-2016-10282: An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local maliciou An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-33939045. References: M-ALPS03149189.

CVE-2016-10275 [HIGH] CWE-264 CVE-2016-10275: An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious ap An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android

CVE-2017-0611 [HIGH] CWE-190 CVE-2017-0611: An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35393841. References: QC-CR

CVE-2017-0617 [HIGH] CVE-2017-0617: An elevation of privilege vulnerability in the MediaTek video driver could enable a local malicious An elevation of privilege vulnerability in the MediaTek video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34471002. References: M-ALPS03149173.