Google Inc Android vulnerabilities

CVE-2017-13293 [HIGH] CWE-787 CVE-2017-13293: In the nfc_hci_cmd_received() function of core.c, there is a possible out of bounds write due to a m In the nfc_hci_cmd_received() function of core.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-62679701.

CVE-2017-6423 [HIGH] CVE-2017-6423: An elevation of privilege vulnerability in the Qualcomm kyro L2 driver. Product: Android. Versions: An elevation of privilege vulnerability in the Qualcomm kyro L2 driver. Product: Android. Versions: Android kernel. Android ID: A-32831370. References: QC-CR#1103158.

CVE-2017-13264 [HIGH] CVE-2017-13264: A other vulnerability in the Android media framework (Avcdec). Product: Android. Versions: 6.0, 6.0. A other vulnerability in the Android media framework (Avcdec). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70294343.

CVE-2017-13261 [HIGH] CWE-125 CVE-2017-13261: In bnep_process_control_packet of bnep_utils.cc, there is a possible out of bounds read due to a mis In bnep_process_control_packet of bnep_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID:

CVE-2017-13271 [HIGH] CVE-2017-13271: A elevation of privilege vulnerability in the upstream kernel mnh_sm driver. Product: Android. Versi A elevation of privilege vulnerability in the upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-69006799.

CVE-2017-13265 [HIGH] CVE-2017-13265: A elevation of privilege vulnerability in the Android system (OTA updates). Product: Android. Versio A elevation of privilege vulnerability in the Android system (OTA updates). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-36232423.

CVE-2016-10231 [HIGH] CWE-264 CVE-2016-10231: An elevation of privilege vulnerability in the Qualcomm sound codec driver. Product: Android. Versio An elevation of privilege vulnerability in the Qualcomm sound codec driver. Product: Android. Versions: Android kernel. Android ID: A-33966912. References: QC-CR#1096799.

CVE-2017-13301 [HIGH] CWE-20 CVE-2017-13301: A denial of service vulnerability in the Android system (system ui). Product: Android. Versions: 8.0 A denial of service vulnerability in the Android system (system ui). Product: Android. Versions: 8.0. Android ID: A-66498711.

CVE-2017-13260 [HIGH] CWE-125 CVE-2017-13260: In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds che In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69177251.

CVE-2017-13263 [HIGH] CVE-2017-13263: A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 8.0, 8. A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 8.0, 8.1. Android ID: A-69383160.

CVE-2017-13288 [HIGH] CWE-682 CVE-2017-13288: In writeToParcel and readFromParcel of PeriodicAdvertisingReport.java, there is a permission bypass In writeToParcel and readFromParcel of PeriodicAdvertisingReport.java, there is a permission bypass due to a 64/32bit int mismatch. This could lead to a local escalation of privilege where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Andr

CVE-2016-8486 [HIGH] CWE-200 CVE-2016-8486: An information disclosure vulnerability in Qualcomm closed source components. Product: Android. Vers An information disclosure vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823691.

CVE-2016-8485 [HIGH] CWE-200 CVE-2016-8485: An information disclosure vulnerability in Qualcomm closed source components. Product: Android. Vers An information disclosure vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823681.

CVE-2017-13305 [HIGH] CWE-125 CVE-2017-13305: A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Vers A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974.

CVE-2017-13287 [HIGH] CWE-20 CVE-2017-13287: In createFromParcel of VerifyCredentialResponse.java, there is a possible invalid parcel read due to In createFromParcel of VerifyCredentialResponse.java, there is a possible invalid parcel read due to improper input validation. This could lead to local escalation of privilege if mPayload in writeToParcel were null, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0.1, 7.0,

CVE-2017-13289 [HIGH] CWE-131 CVE-2017-13289: In writeToParcel and createFromParcel of RttManager.java, there is a permission bypass due to a writ In writeToParcel and createFromParcel of RttManager.java, there is a permission bypass due to a write size mismatch. This could lead to a local escalation of privileges where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions

CVE-2017-13250 [HIGH] CWE-787 CVE-2017-13250: In ih264d_fmt_conv_420sp_to_420p of ih264d_utils.c, there is an out of bound write due to a missing In ih264d_fmt_conv_420sp_to_420p of ih264d_utils.c, there is an out of bound write due to a missing out of bounds check because of a multiplication error. This could lead to an remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0

CVE-2017-13307 [HIGH] CVE-2017-13307: A elevation of privilege vulnerability in the Upstream kernel pci sysfs. Product: Android. Versions: A elevation of privilege vulnerability in the Upstream kernel pci sysfs. Product: Android. Versions: Android kernel. Android ID: A-69128924.

CVE-2017-13249 [HIGH] CWE-787 CVE-2017-13249: In impeg2d_api_set_display_frame of impeg2d_api_main.c, there is an out of bound write due to a miss In impeg2d_api_set_display_frame of impeg2d_api_main.c, there is an out of bound write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70399408.

CVE-2017-13280 [HIGH] CWE-125 CVE-2017-13280: In the FrameSequence_gif::FrameSequence_gif function of libframesequence, there is a out of bounds r In the FrameSequence_gif::FrameSequence_gif function of libframesequence, there is a out of bounds read due to a missing bounds check. This could lead to a remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Androi