Google Inc Android vulnerabilities

CVE-2014-9909 [HIGH] CWE-264 CVE-2014-9909: An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31676542. References: B-RB#26684.

CVE-2014-9910 [HIGH] CWE-264 CVE-2014-9910: An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31746399. References: B-RB#26710.

CVE-2016-8467 [MEDIUM] CWE-264 CVE-2016-8467: An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute a An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute arbitrary modem commands on the device. This issue is rated as High because it is a local permanent denial of service (device interoperability: completely permanent or requiring re-flashing the entire operating system). Product: Android. Versions: N/A. A

CVE-2017-0398 [MEDIUM] CWE-200 CVE-2017-0398: An information disclosure vulnerability in Audioserver could enable a local malicious application to An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android IDs: A-32438594, A-326356

CVE-2016-8398 [CRITICAL] CWE-254 CVE-2016-8398: Unauthenticated messages processed by the UE. Certain NAS messages are processed when no EPS securit Unauthenticated messages processed by the UE. Certain NAS messages are processed when no EPS security context exists in the UE. Product: Android. Versions: Kernel 3.18. Android ID: A-31548486. References: QC-CR#877705.

CVE-2016-8459 [CRITICAL] CWE-119 CVE-2016-8459: Possible buffer overflow in storage subsystem. Bad parameters as part of listener responses to RPMB Possible buffer overflow in storage subsystem. Bad parameters as part of listener responses to RPMB commands could lead to buffer overflow. Product: Android. Versions: Kernel 3.18. Android ID: A-32577972. References: QC-CR#988462.

CVE-2016-8439 [CRITICAL] CWE-119 CVE-2016-8439: Possible buffer overflow in trust zone access control API. Buffer overflow may occur due to lack of Possible buffer overflow in trust zone access control API. Buffer overflow may occur due to lack of buffer size checking. Product: Android. Versions: Kernel 3.18. Android ID: A-31625204. References: QC-CR#1027804.

CVE-2016-8437 [CRITICAL] CWE-20 CVE-2016-8437: Improper input validation in Access Control APIs. Access control API may return memory range checkin Improper input validation in Access Control APIs. Access control API may return memory range checking incorrectly. Product: Android. Versions: Kernel 3.18. Android ID: A-31623057. References: QC-CR#1009695.

CVE-2016-8440 [CRITICAL] CWE-119 CVE-2016-8440: Possible buffer overflow in SMMU system call. Improper input validation in ADSP SID2CB system call m Possible buffer overflow in SMMU system call. Improper input validation in ADSP SID2CB system call may result in hypervisor memory overwrite. Product: Android. Versions: Kernel 3.18. Android ID: A-31625306. References: QC-CR#1036747.

CVE-2016-8438 [CRITICAL] CWE-190 CVE-2016-8438: Integer overflow leading to a TOCTOU condition in hypervisor PIL. An integer overflow exposes a race Integer overflow leading to a TOCTOU condition in hypervisor PIL. An integer overflow exposes a race condition that may be used to bypass (Peripheral Image Loader) PIL authentication. Product: Android. Versions: Kernel 3.18. Android ID: A-31624565. References: QC-CR#1023638.

CVE-2016-6780 [HIGH] CWE-284 CVE-2016-6780: An elevation of privilege vulnerability in the HTC sound codec driver could enable a local malicious An elevation of privilege vulnerability in the HTC sound codec driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31251496.

CVE-2016-8394 [HIGH] CWE-284 CVE-2016-8394: An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local mal An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31913197.

CVE-2017-0384 [HIGH] CVE-2017-0384: An elevation of privilege vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audi An elevation of privilege vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a thi

CVE-2016-6759 [HIGH] CWE-284 CVE-2016-6759: An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious appl An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Andr

CVE-2016-8455 [HIGH] CWE-264 CVE-2016-8455: An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32219121. References: B-RB#106311.

CVE-2016-8444 [HIGH] CWE-284 CVE-2016-8444: An elevation of privilege vulnerability in the Qualcomm camera could enable a local malicious applic An elevation of privilege vulnerability in the Qualcomm camera could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31243641. References: QC-CR#1074310.

CVE-2016-8447 [HIGH] CWE-264 CVE-2016-8447: An elevation of privilege vulnerability in MediaTek components, including the thermal driver and vid An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31749

CVE-2016-8441 [HIGH] CWE-119 CVE-2016-8441: Possible buffer overflow in the hypervisor. Inappropriate usage of a static array could lead to a bu Possible buffer overflow in the hypervisor. Inappropriate usage of a static array could lead to a buffer overrun. Product: Android. Versions: Kernel 3.18. Android ID: A-31625904. References: QC-CR#1027769.

CVE-2016-8451 [HIGH] CWE-264 CVE-2016-8451: An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local mal An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.4. Android ID: A-32178033.

CVE-2016-6762 [HIGH] CWE-264 CVE-2016-6762: An elevation of privilege vulnerability in the libziparchive library could enable a local malicious An elevation of privilege vulnerability in the libziparchive library could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: A