Google Inc Android vulnerabilities

CVE-2017-0552 [MEDIUM] CVE-2017-0552: A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097915.

CVE-2017-0550 [MEDIUM] CVE-2017-0550: A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33933140.

CVE-2017-0481 [HIGH] CWE-120 CVE-2017-0481: An elevation of privilege vulnerability in NFC could enable a proximate attacker to execute arbitrar An elevation of privilege vulnerability in NFC could enable a proximate attacker to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2

CVE-2017-0471 [HIGH] CWE-119 CVE-2017-0471: A remote code execution vulnerability in Mediaserver could enable an attacker using a specially craf A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. A

CVE-2017-0518 [HIGH] CVE-2017-0518: An elevation of privilege vulnerability in the Qualcomm fingerprint sensor driver could enable a loc An elevation of privilege vulnerability in the Qualcomm fingerprint sensor driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32370896. References: QC-CR#108653

CVE-2016-8479 [HIGH] CWE-264 CVE-2016-8479: An elevation of privilege vulnerability in the Qualcomm GPU driver could enable a local malicious ap An elevation of privilege vulnerability in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android.

CVE-2017-0469 [HIGH] CWE-119 CVE-2017-0469: A remote code execution vulnerability in Mediaserver could enable an attacker using a specially craf A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. A

CVE-2017-0516 [HIGH] CVE-2017-0516: An elevation of privilege vulnerability in the Qualcomm input hardware driver could enable a local m An elevation of privilege vulnerability in the Qualcomm input hardware driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32341680. References: QC-

CVE-2017-0510 [HIGH] CVE-2017-0510: An elevation of privilege vulnerability in the kernel FIQ debugger could enable a local malicious ap An elevation of privilege vulnerability in the kernel FIQ debugger could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions

CVE-2017-0478 [HIGH] CVE-2017-0478: A remote code execution vulnerability in the Framesequence library could enable an attacker using a A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Framesequence library. Product: Android. Versions: 5.0.2, 5.1.1,

CVE-2017-0508 [HIGH] CVE-2017-0508: An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious a An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Version

CVE-2017-0466 [HIGH] CWE-119 CVE-2017-0466: A remote code execution vulnerability in Mediaserver could enable an attacker using a specially craf A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. A

CVE-2017-0504 [HIGH] CVE-2017-0504: An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driv An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, whi

CVE-2017-0477 [HIGH] CWE-119 CVE-2017-0477: A remote code execution vulnerability in libgdx could enable an attacker using a specially crafted f A remote code execution vulnerability in libgdx could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 7.1.1. Android ID: A-33621647.

CVE-2017-0507 [HIGH] CVE-2017-0507: An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious a An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Version

CVE-2017-0509 [HIGH] CVE-2017-0509: An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Version

CVE-2017-0468 [HIGH] CWE-119 CVE-2017-0468: A remote code execution vulnerability in Mediaserver could enable an attacker using a specially craf A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. A

CVE-2017-0505 [HIGH] CVE-2017-0505: An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driv An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, whi

CVE-2017-0458 [HIGH] CWE-20 CVE-2017-0458: An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32588962. References: QC-CR#1089433.

CVE-2017-0523 [HIGH] CVE-2017-0523: An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-32835279. References: QC-CR#1096945.