Google Inc Android vulnerabilities

CVE-2016-8406 [MEDIUM] CWE-200 CVE-2016-8406: An information disclosure vulnerability in kernel components including the ION subsystem, Binder, US An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel

CVE-2016-8475 [MEDIUM] CWE-200 CVE-2016-8475: An information disclosure vulnerability in the HTC input driver could enable a local malicious appli An information disclosure vulnerability in the HTC input driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32591129.

CVE-2016-8405 [MEDIUM] CWE-200 CVE-2016-8405: An information disclosure vulnerability in kernel components including the ION subsystem, Binder, US An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel

CVE-2017-0390 [MEDIUM] CVE-2017-0390: A denial of service vulnerability in Tremolo/dpen.s in Mediaserver could enable a remote attacker to A denial of service vulnerability in Tremolo/dpen.s in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31647370.

CVE-2016-6756 [MEDIUM] CWE-200 CVE-2016-6756: An information disclosure vulnerability in Qualcomm components including the camera driver and video An information disclosure vulnerability in Qualcomm components including the camera driver and video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Androi

CVE-2017-0392 [MEDIUM] CVE-2017-0392: A denial of service vulnerability in VBRISeeker.cpp in libstagefright in Mediaserver could enable a A denial of service vulnerability in VBRISeeker.cpp in libstagefright in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32577290.

CVE-2016-8473 [MEDIUM] CWE-200 CVE-2016-8473: An information disclosure vulnerability in the STMicroelectronics driver could enable a local malici An information disclosure vulnerability in the STMicroelectronics driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31795790.

CVE-2016-8397 [MEDIUM] CWE-200 CVE-2016-8397: An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious ap An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-31385953. References: N-CVE

CVE-2016-6770 [LOW] CWE-284 CVE-2016-6770: An elevation of privilege vulnerability in the Framework API could enable a local malicious applicat An elevation of privilege vulnerability in the Framework API could enable a local malicious application to access system functions beyond its access level. This issue is rated as Moderate because it is a local bypass of restrictions on a constrained process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-30202228.

CVE-2016-6725 [CRITICAL] CWE-284 CVE-2016-6725: A remote code execution vulnerability in the Qualcomm crypto driver in Android before 2016-11-05 cou A remote code execution vulnerability in the Qualcomm crypto driver in Android before 2016-11-05 could enable a remote attacker to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of remote code execution in the context of the kernel. Android ID: A-30515053. References: Qualcomm QC-CR#10

CVE-2016-6728 [HIGH] CWE-264 CVE-2016-6728: An elevation of privilege vulnerability in the kernel ION subsystem in Android before 2016-11-05 cou An elevation of privilege vulnerability in the kernel ION subsystem in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair

CVE-2016-6754 [HIGH] CWE-74 CVE-2016-6754: A remote code execution vulnerability in Webview in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, A remote code execution vulnerability in Webview in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-05 could enable a remote attacker to execute arbitrary code when the user is navigating to a website. This issue is rated as High due to the possibility of remote code execution in an unprivileged process. Android ID: A-31217937.

CVE-2016-6735 [HIGH] CWE-264 CVE-2016-6735: An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the

CVE-2016-6740 [HIGH] CWE-264 CVE-2016-6740: An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 c An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30143904. References: Qualcomm QC-CR#1056307.

CVE-2016-6731 [HIGH] CWE-264 CVE-2016-6731: An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the

CVE-2016-6705 [HIGH] CWE-264 CVE-2016-6705: An elevation of privilege vulnerability in Mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5 An elevation of privilege vulnerability in Mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated c

CVE-2016-6742 [HIGH] CWE-264 CVE-2016-6742: An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-1 An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30799828.

CVE-2016-6739 [HIGH] CWE-264 CVE-2016-6739: An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 c An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30074605. References: Qualcomm QC-CR#1049826.

CVE-2016-6741 [HIGH] CWE-264 CVE-2016-6741: An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 c An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30559423. References: Qualcomm QC-CR#1060554.

CVE-2016-6745 [HIGH] CWE-264 CVE-2016-6745: An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-1 An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-31252388.