Google Inc Android vulnerabilities

CVE-2016-6788 [HIGH] CWE-264 CVE-2016-6788: An elevation of privilege vulnerability in the MediaTek I2C driver could enable a local malicious ap An elevation of privilege vulnerability in the MediaTek I2C driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31224428. References: MT-ALPS02943467.

CVE-2016-8429 [HIGH] CWE-264 CVE-2016-8429: An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious appl An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Ve

CVE-2016-8407 [MEDIUM] CWE-200 CVE-2016-8407: An information disclosure vulnerability in kernel components including the ION subsystem, Binder, US An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel

CVE-2016-6769 [MEDIUM] CWE-284 CVE-2016-6769: An elevation of privilege vulnerability in Smart Lock could enable a local malicious user to access An elevation of privilege vulnerability in Smart Lock could enable a local malicious user to access Smart Lock settings without a PIN. This issue is rated as Moderate because it first requires physical access to an unlocked device where Smart Lock was the last settings pane accessed by the user. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1. And

CVE-2016-8472 [MEDIUM] CWE-200 CVE-2016-8472: An information disclosure vulnerability in the MediaTek driver could enable a local malicious applic An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31531758. References: MT-ALPS02961384.

CVE-2016-8400 [MEDIUM] CWE-200 CVE-2016-8400: An information disclosure vulnerability in the NVIDIA librm library (libnvrm) could enable a local m An information disclosure vulnerability in the NVIDIA librm library (libnvrm) could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: Kernel-3.18. Android ID: A-31251599. References: N-CV

CVE-2016-8460 [MEDIUM] CWE-200 CVE-2016-8460: An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious ap An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-31668540. References: N-CVE

CVE-2016-8410 [MEDIUM] CWE-200 CVE-2016-8410: An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31498403. References: QC-CR#9870

CVE-2016-8470 [MEDIUM] CWE-200 CVE-2016-8470: An information disclosure vulnerability in the MediaTek driver could enable a local malicious applic An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31528889. References: MT-ALPS02961395.

CVE-2017-0402 [MEDIUM] CWE-200 CVE-2017-0402: An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audi An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.

CVE-2016-6764 [MEDIUM] CWE-399 CVE-2016-6764: A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31681434.

CVE-2016-8409 [MEDIUM] CWE-200 CVE-2016-8409: An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious ap An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31495687. References: N-CVE-2016-8409.

CVE-2016-8469 [MEDIUM] CWE-200 CVE-2016-8469: An information disclosure vulnerability in the camera driver could enable a local malicious applicat An information disclosure vulnerability in the camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31351206. References: N-CVE-2016-8469.

CVE-2016-6757 [MEDIUM] CWE-200 CVE-2016-6757: An information disclosure vulnerability in Qualcomm components including the camera driver and video An information disclosure vulnerability in Qualcomm components including the camera driver and video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Androi

CVE-2016-6765 [MEDIUM] CWE-19 CVE-2016-6765: A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 7.0. Android ID: A-31449945.

CVE-2016-8463 [MEDIUM] CWE-399 CVE-2016-8463: A denial of service vulnerability in the Qualcomm FUSE file system could enable a remote attacker to A denial of service vulnerability in the Qualcomm FUSE file system could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30786860. References: QC-CR#586855.

CVE-2016-8396 [MEDIUM] CWE-200 CVE-2016-8396: An information disclosure vulnerability in the MediaTek video driver could enable a local malicious An information disclosure vulnerability in the MediaTek video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: N/A. Android ID: A-31249105.

CVE-2017-0401 [MEDIUM] CWE-200 CVE-2017-0401: An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in the An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in the Qualcomm audio post processor could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.

CVE-2017-0391 [MEDIUM] CVE-2017-0391: A denial of service vulnerability in decoder/ihevcd_decode.c in libhevc in Mediaserver could enable A denial of service vulnerability in decoder/ihevcd_decode.c in libhevc in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32322258.

CVE-2017-0393 [MEDIUM] CVE-2017-0393: A denial of service vulnerability in libvpx in Mediaserver could enable a remote attacker to use a s A denial of service vulnerability in libvpx in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-30436808.