Google Inc Android vulnerabilities

CVE-2017-0562 [HIGH] CVE-2017-0562: An elevation of privilege vulnerability in the MediaTek touchscreen driver could enable a local mali An elevation of privilege vulnerability in the MediaTek touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android.

CVE-2017-0582 [HIGH] CVE-2017-0582: An elevation of privilege vulnerability in the HTC OEM fastboot command could enable a local malicio An elevation of privilege vulnerability in the HTC OEM fastboot command could enable a local malicious application to execute arbitrary code within the context of the sensor hub. This issue is rated as Moderate because it first requires exploitation of separate vulnerabilities. Product: Android. Versions: Kernel-3.10. Android ID: A-33178836.

CVE-2017-0462 [HIGH] CWE-362 CVE-2017-0462: An elevation of privilege vulnerability in the Qualcomm Seemp driver could enable a local malicious An elevation of privilege vulnerability in the Qualcomm Seemp driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33353601. References: QC-CR#1102288.

CVE-2017-0571 [HIGH] CVE-2017-0571: An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34203305. References: B-RB#111541.

CVE-2017-0570 [HIGH] CVE-2017-0570: An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199963. References: B-RB#110688.

CVE-2017-0565 [HIGH] CVE-2017-0565: An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local maliciou An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28175904. References: M-ALPS02696516.

CVE-2017-0576 [HIGH] CWE-190 CVE-2017-0576: An elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local ma An elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33544431. Referenc

CVE-2017-0569 [HIGH] CWE-131 CVE-2017-0569: An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34198729. References: B-RB#

CVE-2017-0557 [MEDIUM] CWE-200 CVE-2017-0557: An information disclosure vulnerability in libmpeg2 in Mediaserver could enable a local malicious ap An information disclosure vulnerability in libmpeg2 in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34093073.

CVE-2017-0559 [MEDIUM] CWE-200 CVE-2017-0559: An information disclosure vulnerability in libskia could enable a local malicious application to acc An information disclosure vulnerability in libskia could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33897722.

CVE-2017-0584 [MEDIUM] CWE-200 CVE-2017-0584: An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32074353. References: QC-CR#1104

CVE-2017-0560 [MEDIUM] CWE-200 CVE-2017-0560: An information disclosure vulnerability in the factory reset process could enable a local malicious An information disclosure vulnerability in the factory reset process could enable a local malicious attacker to access data from the previous owner. This issue is rated as Moderate due to the possibility of bypassing device protection. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-30681079.

CVE-2017-0556 [MEDIUM] CWE-200 CVE-2017-0556: An information disclosure vulnerability in libmpeg2 in Mediaserver could enable a local malicious ap An information disclosure vulnerability in libmpeg2 in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34093952.

CVE-2017-0555 [MEDIUM] CWE-200 CVE-2017-0555: An information disclosure vulnerability in libavc in Mediaserver could enable a local malicious appl An information disclosure vulnerability in libavc in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33551775.

CVE-2017-0548 [MEDIUM] CWE-119 CVE-2017-0548: A remote denial of service vulnerability in libskia could enable an attacker to use a specially craf A remote denial of service vulnerability in libskia could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33251605.

CVE-2017-0585 [MEDIUM] CWE-200 CVE-2017-0585: An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32475556. References: B-RB#11295

CVE-2017-0558 [MEDIUM] CWE-200 CVE-2017-0558: An information disclosure vulnerability in Mediaserver could enable a local malicious application to An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34056274.

CVE-2017-0547 [MEDIUM] CWE-200 CVE-2017-0547: An information disclosure vulnerability in libmedia in Mediaserver could enable a local malicious ap An information disclosure vulnerability in libmedia in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1

CVE-2017-0586 [MEDIUM] CWE-200 CVE-2017-0586: An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33649808. References: QC-CR#1097

CVE-2017-0549 [MEDIUM] CVE-2017-0549: A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33818508.