Google Inc Android vulnerabilities

CVE-2017-13271 [HIGH] CVE-2017-13271: A elevation of privilege vulnerability in the upstream kernel mnh_sm driver. Product: Android. Versi A elevation of privilege vulnerability in the upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-69006799.

CVE-2017-13286 [HIGH] CWE-502 CVE-2017-13286: In writeToParcel and readFromParcel of OutputConfiguration.java, there is a permission bypass due to In writeToParcel and readFromParcel of OutputConfiguration.java, there is a permission bypass due to mismatched serialization. This could lead to a local escalation of privilege where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android.

CVE-2016-10231 [HIGH] CWE-264 CVE-2016-10231: An elevation of privilege vulnerability in the Qualcomm sound codec driver. Product: Android. Versio An elevation of privilege vulnerability in the Qualcomm sound codec driver. Product: Android. Versions: Android kernel. Android ID: A-33966912. References: QC-CR#1096799.

CVE-2017-13265 [HIGH] CVE-2017-13265: A elevation of privilege vulnerability in the Android system (OTA updates). Product: Android. Versio A elevation of privilege vulnerability in the Android system (OTA updates). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-36232423.

CVE-2017-13263 [HIGH] CVE-2017-13263: A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 8.0, 8. A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 8.0, 8.1. Android ID: A-69383160.

CVE-2016-10235 [HIGH] CWE-20 CVE-2016-10235: A denial of service vulnerability in the Qualcomm WiFi driver. Product: Android. Versions: Android k A denial of service vulnerability in the Qualcomm WiFi driver. Product: Android. Versions: Android kernel. Android ID: A-34390620. References: QC-CR#1046409.

CVE-2017-13288 [HIGH] CWE-682 CVE-2017-13288: In writeToParcel and readFromParcel of PeriodicAdvertisingReport.java, there is a permission bypass In writeToParcel and readFromParcel of PeriodicAdvertisingReport.java, there is a permission bypass due to a 64/32bit int mismatch. This could lead to a local escalation of privilege where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Andr

CVE-2016-8486 [HIGH] CWE-200 CVE-2016-8486: An information disclosure vulnerability in Qualcomm closed source components. Product: Android. Vers An information disclosure vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823691.

CVE-2017-13287 [HIGH] CWE-20 CVE-2017-13287: In createFromParcel of VerifyCredentialResponse.java, there is a possible invalid parcel read due to In createFromParcel of VerifyCredentialResponse.java, there is a possible invalid parcel read due to improper input validation. This could lead to local escalation of privilege if mPayload in writeToParcel were null, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0.1, 7.0,

CVE-2017-13307 [HIGH] CVE-2017-13307: A elevation of privilege vulnerability in the Upstream kernel pci sysfs. Product: Android. Versions: A elevation of privilege vulnerability in the Upstream kernel pci sysfs. Product: Android. Versions: Android kernel. Android ID: A-69128924.

CVE-2017-13293 [HIGH] CWE-787 CVE-2017-13293: In the nfc_hci_cmd_received() function of core.c, there is a possible out of bounds write due to a m In the nfc_hci_cmd_received() function of core.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-62679701.

CVE-2017-13258 [HIGH] CWE-125 CVE-2017-13258: In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds che In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67863755.

CVE-2017-13253 [HIGH] CWE-787 CVE-2017-13253: In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a missi In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-71389378.

CVE-2017-6424 [HIGH] CVE-2017-6424: An elevation of privilege vulnerability in the Qualcomm WiFi driver. Product: Android. Versions: And An elevation of privilege vulnerability in the Qualcomm WiFi driver. Product: Android. Versions: Android kernel. Android ID: A-32086742. References: QC-CR#1102648.

CVE-2017-13289 [HIGH] CWE-131 CVE-2017-13289: In writeToParcel and createFromParcel of RttManager.java, there is a permission bypass due to a writ In writeToParcel and createFromParcel of RttManager.java, there is a permission bypass due to a write size mismatch. This could lead to a local escalation of privileges where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions

CVE-2017-13270 [HIGH] CVE-2017-13270: A elevation of privilege vulnerability in the upstream kernel mnh_sm driver. Product: Android. Versi A elevation of privilege vulnerability in the upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-69474744.

CVE-2017-13251 [HIGH] CWE-787 CVE-2017-13251: In impeg2d_dec_pic_data_thread of impeg2d_dec_hdr.c, there is a possible out of bounds write due to In impeg2d_dec_pic_data_thread of impeg2d_dec_hdr.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege when running multi threaded with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8

CVE-2017-13260 [HIGH] CWE-125 CVE-2017-13260: In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds che In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69177251.

CVE-2017-13306 [HIGH] CVE-2017-13306: A elevation of privilege vulnerability in the Upstream kernel mnh driver. Product: Android. Versions A elevation of privilege vulnerability in the Upstream kernel mnh driver. Product: Android. Versions: Android kernel. Android ID: A-70295063.

CVE-2017-13299 [HIGH] CVE-2017-13299: A other vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0. A other vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70897394.