Google Inc Android vulnerabilities

CVE-2017-0539 [HIGH] CWE-119 CVE-2017-0539: A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a spe A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1,

CVE-2017-0572 [HIGH] CVE-2017-0572: An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-34198931. References: B-RB#112597.

CVE-2017-0580 [HIGH] CVE-2017-0580: An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local mal An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-34325986.

CVE-2017-0540 [HIGH] CWE-119 CVE-2017-0540: A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a spe A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1,

CVE-2017-0566 [HIGH] CVE-2017-0566: An elevation of privilege vulnerability in the MediaTek camera driver could enable a local malicious An elevation of privilege vulnerability in the MediaTek camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28470975. References: M-ALPS02696367.

CVE-2017-0554 [HIGH] CWE-862 CVE-2017-0554: An elevation of privilege vulnerability in the Telephony component could enable a local malicious ap An elevation of privilege vulnerability in the Telephony component could enable a local malicious application to access capabilities outside of its permission levels. This issue is rated as Moderate because it could be used to gain access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions

CVE-2017-0553 [HIGH] CWE-190 CVE-2017-0553: An elevation of privilege vulnerability in libnl could enable a local malicious application to execu An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.

CVE-2017-0577 [HIGH] CVE-2017-0577: An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33842951.

CVE-2017-0568 [HIGH] CVE-2017-0568: An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34197514. References: B-RB#112600.

CVE-2017-0578 [HIGH] CVE-2017-0578: An elevation of privilege vulnerability in the DTS sound driver could enable a local malicious appli An elevation of privilege vulnerability in the DTS sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-33964406.

CVE-2017-0542 [HIGH] CWE-119 CVE-2017-0542: A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a spec A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0

CVE-2017-0567 [HIGH] CVE-2017-0567: An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32125310. References: B-RB#112575.

CVE-2017-0544 [HIGH] CWE-672 CVE-2017-0544: An elevation of privilege vulnerability in CameraBase could enable a local malicious application to An elevation of privilege vulnerability in CameraBase could enable a local malicious application to execute arbitrary code. This issue is rated as High because it is a local arbitrary code execution in a privileged process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31992879.

CVE-2017-0581 [HIGH] CVE-2017-0581: An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local mal An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-34614485.

CVE-2017-0454 [HIGH] CVE-2017-0454: An elevation of privilege vulnerability in the Qualcomm audio driver could enable a local malicious An elevation of privilege vulnerability in the Qualcomm audio driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33353700. References: QC-CR#1104067

CVE-2017-0563 [HIGH] CWE-345 CVE-2017-0563: An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Androi

CVE-2017-0546 [HIGH] CWE-476 CVE-2017-0546: An elevation of privilege vulnerability in SurfaceFlinger could enable a local malicious application An elevation of privilege vulnerability in SurfaceFlinger could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Ve

CVE-2017-0545 [HIGH] CWE-682 CVE-2017-0545: An elevation of privilege vulnerability in Audioserver could enable a local malicious application to An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versi

CVE-2017-0573 [HIGH] CVE-2017-0573: An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34469904. References: B-RB#91539.

CVE-2017-0538 [HIGH] CWE-119 CVE-2017-0538: A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a spec A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0