Google Inc Android vulnerabilities

CVE-2017-0624 [MEDIUM] CWE-200 CVE-2017-0624: An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34327795. Ref

CVE-2017-0630 [MEDIUM] CWE-200 CVE-2017-0630: An information disclosure vulnerability in the kernel trace subsystem could enable a local malicious An information disclosure vulnerability in the kernel trace subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34277115.

CVE-2017-0625 [MEDIUM] CWE-200 CVE-2017-0625: An information disclosure vulnerability in the MediaTek command queue driver could enable a local ma An information disclosure vulnerability in the MediaTek command queue driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: N/A. Android ID: A-35142799. References: M-A

CVE-2017-0600 [MEDIUM] CVE-2017-0600: A remote denial of service vulnerability in libstagefright in Mediaserver could enable an attacker t A remote denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35269635.

CVE-2017-0603 [MEDIUM] CWE-190 CVE-2017-0603: A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because it requires an uncommon device configuration. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35763994.

CVE-2017-0598 [MEDIUM] CWE-200 CVE-2017-0598: An information disclosure vulnerability in the Framework APIs could enable a local malicious applica An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 4.4.

CVE-2017-0629 [MEDIUM] CWE-200 CVE-2017-0629: An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35214296. References: QC-CR#10

CVE-2017-0602 [MEDIUM] CWE-200 CVE-2017-0602: An information disclosure vulnerability in Bluetooth could allow a local malicious application to by An information disclosure vulnerability in Bluetooth could allow a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as Moderate due to details specific to the vulnerability. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Androi

CVE-2017-0635 [MEDIUM] CWE-476 CVE-2017-0635: A remote denial of service vulnerability in HevcUtils.cpp in libstagefright in Mediaserver could ena A remote denial of service vulnerability in HevcUtils.cpp in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Low due to details specific to the vulnerability. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-35467107.

CVE-2017-0633 [MEDIUM] CWE-200 CVE-2017-0633: An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious component to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-36000515. References: B-RB#117131.

CVE-2016-10294 [MEDIUM] CWE-200 CVE-2016-10294: An information disclosure vulnerability in the Qualcomm power driver could enable a local malicious An information disclosure vulnerability in the Qualcomm power driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33621829. References: QC-CR#11

CVE-2016-10292 [MEDIUM] CWE-399 CVE-2016-10292: A denial of service vulnerability in the Qualcomm Wi-Fi driver could enable a proximate attacker to A denial of service vulnerability in the Qualcomm Wi-Fi driver could enable a proximate attacker to cause a denial of service in the Wi-Fi subsystem. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34514463. References: QC-CR#1065466.

CVE-2017-0493 [MEDIUM] CWE-922 CVE-2017-0493: An information disclosure vulnerability in File-Based Encryption could enable a local malicious atta An information disclosure vulnerability in File-Based Encryption could enable a local malicious attacker to bypass operating system protections for the lock screen. This issue is rated as Moderate due to the possibility of bypassing the lock screen. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-32793550.

CVE-2017-0561 [CRITICAL] CWE-787 CVE-2017-0561: A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. This issue is rated as Critical due to the possibility of remote code execution in the context of the Wi-Fi SoC. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199105

CVE-2017-0543 [HIGH] CWE-119 CVE-2017-0543: A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a spec A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0

CVE-2017-0575 [HIGH] CVE-2017-0575: An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32658595. References: QC-CR#1103099

CVE-2017-0583 [HIGH] CVE-2017-0583: An elevation of privilege vulnerability in the Qualcomm CP access driver could enable a local malici An elevation of privilege vulnerability in the Qualcomm CP access driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and because of vulnerability specific details which limit the impact of the issue. Product: And

CVE-2017-0574 [HIGH] CVE-2017-0574: An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34624457. References: B-RB#113189.

CVE-2017-0541 [HIGH] CWE-119 CVE-2017-0541: A remote code execution vulnerability in sonivox in Mediaserver could enable an attacker using a spe A remote code execution vulnerability in sonivox in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2,

CVE-2017-0579 [HIGH] CVE-2017-0579: An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34125463. References: QC-CR#1115406