Google Inc Android vulnerabilities

CVE-2017-0491 [MEDIUM] CVE-2017-0491: An elevation of privilege vulnerability in Package Manager could enable a local malicious applicatio An elevation of privilege vulnerability in Package Manager could enable a local malicious application to prevent users from uninstalling applications or removing permissions from applications. This issue is rated as Moderate because it is a local bypass of user interaction requirements. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1.

CVE-2017-0496 [MEDIUM] CVE-2017-0496: A denial of service vulnerability in Setup Wizard could allow a local malicious application to tempo A denial of service vulnerability in Setup Wizard could allow a local malicious application to temporarily block access to an affected device. This issue is rated as Moderate because it may require a factory reset to repair the device. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1. Android ID: A-31554152.

CVE-2017-0536 [MEDIUM] CWE-200 CVE-2017-0536: An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local mal An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33555878.

CVE-2017-0461 [MEDIUM] CWE-200 CVE-2017-0461: An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32073794. References: QC-CR#1100

CVE-2017-0452 [MEDIUM] CWE-200 CVE-2017-0452: An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32873615. References: QC-CR#1093693.

CVE-2016-8418 [CRITICAL] CWE-284 CVE-2016-8418: A remote code execution vulnerability in the Qualcomm crypto driver could enable a remote attacker t A remote code execution vulnerability in the Qualcomm crypto driver could enable a remote attacker to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of remote code execution in the context of the kernel. Product: Android. Versions: N/A. Android ID: A-32652894. References: QC-CR#1077457

CVE-2017-0449 [HIGH] CVE-2017-0449: An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10. Androi

CVE-2017-0427 [HIGH] CVE-2017-0427: An elevation of privilege vulnerability in the kernel file system could enable a local malicious app An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions:

CVE-2017-0446 [HIGH] CVE-2017-0446: An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32917445.

CVE-2017-0422 [HIGH] CWE-20 CVE-2017-0422: A denial of service vulnerability in Bionic DNS could enable a remote attacker to use a specially cr A denial of service vulnerability in Bionic DNS could enable a remote attacker to use a specially crafted network packet to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32322088.

CVE-2017-0443 [HIGH] CVE-2017-0443: An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32877494. References: QC-CR#1092497

CVE-2017-0409 [HIGH] CVE-2017-0409: A remote code execution vulnerability in libstagefright could enable an attacker using a specially c A remote code execution vulnerability in libstagefright could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID:

CVE-2017-0417 [HIGH] CWE-787 CVE-2017-0417: An elevation of privilege vulnerability in Audioserver could enable a local malicious application to An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versi

CVE-2017-0432 [HIGH] CVE-2017-0432: An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious applic An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-28332719.

CVE-2017-0412 [HIGH] CWE-367 CVE-2017-0412: An elevation of privilege vulnerability in the Framework APIs could enable a local malicious applica An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android

CVE-2017-0438 [HIGH] CWE-120 CVE-2017-0438: An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32402604. References: QC-CR

CVE-2017-0435 [HIGH] CVE-2017-0435: An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31906657. References: QC-CR#1078000

CVE-2017-0441 [HIGH] CWE-120 CVE-2017-0441: An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32872662. References: QC-CR

CVE-2016-8420 [HIGH] CWE-264 CVE-2016-8420: An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32451171. References: QC-CR

CVE-2017-0411 [HIGH] CWE-367 CVE-2017-0411: An elevation of privilege vulnerability in the Framework APIs could enable a local malicious applica An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android