Google Inc Android vulnerabilities

CVE-2016-8456 [HIGH] CWE-264 CVE-2016-8456: An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32219255. References: B-RB#

CVE-2016-8433 [HIGH] CWE-264 CVE-2016-8433: An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious applic An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Vers

CVE-2016-6768 [HIGH] CWE-284 CVE-2016-6768: A remote code execution vulnerability in the Framesequence library could enable an attacker using a A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Framesequence library. Product: Android. Versions: 5.0.2

CVE-2016-8427 [HIGH] CWE-264 CVE-2016-8427: An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious appl An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Ve

CVE-2017-0381 [HIGH] CWE-190 CVE-2017-0381: An information disclosure vulnerability in silk/NLSF_stabilize.c in libopus in Mediaserver could ena An information disclosure vulnerability in silk/NLSF_stabilize.c in libopus in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Androi

CVE-2016-8431 [HIGH] CWE-264 CVE-2016-8431: An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious appl An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Ve

CVE-2016-8425 [HIGH] CWE-264 CVE-2016-8425: An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious appl An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Ve

CVE-2017-0387 [HIGH] CVE-2017-0387: An elevation of privilege vulnerability in Mediaserver could enable a local malicious application to An elevation of privilege vulnerability in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0

CVE-2016-8399 [HIGH] CWE-284 CVE-2016-8399: An elevation of privilege vulnerability in the kernel networking subsystem could enable a local mali An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product: A

CVE-2016-8422 [HIGH] CWE-264 CVE-2016-8422: An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious ap An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android.

CVE-2016-8452 [HIGH] CWE-264 CVE-2016-8452: An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32506396. References: QC-CR

CVE-2016-8445 [HIGH] CWE-264 CVE-2016-8445: An elevation of privilege vulnerability in MediaTek components, including the thermal driver and vid An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31747

CVE-2017-0382 [HIGH] CVE-2017-0382: A remote code execution vulnerability in the Framesequence library could enable an attacker using a A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Framesequence library. Product: Android. Versions: 5.0.2, 5.1.1,

CVE-2016-8432 [HIGH] CWE-264 CVE-2016-8432: An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious appl An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Ve

CVE-2016-6791 [HIGH] CWE-284 CVE-2016-6791: An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31252384. References: QC-CR

CVE-2016-8464 [HIGH] CWE-264 CVE-2016-8464: An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10

CVE-2016-8458 [HIGH] CWE-264 CVE-2016-8458: An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local mal An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31968442.

CVE-2017-0389 [HIGH] CWE-20 CVE-2017-0389: A denial of service vulnerability in core networking could enable a remote attacker to use specially A denial of service vulnerability in core networking could enable a remote attacker to use specially crafted network packet to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31850211.

CVE-2016-6778 [HIGH] CWE-284 CVE-2016-6778: An elevation of privilege vulnerability in the HTC sound codec driver could enable a local malicious An elevation of privilege vulnerability in the HTC sound codec driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31384646.

CVE-2016-8453 [HIGH] CWE-264 CVE-2016-8453: An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-24739315. References: B-RB#73392.