4.3.0

Graph of vulnerabilities affecting this version

Vulnerability graph

Key to graph

Black: affecting all manufacturers
Red: only affecting some manufacturers
Solid line: at least one unpatched vulnerability
Dashed line: all vulnerabilities on this path are patched

Android Browser Exploit WebKit

(json)

CVE numbers: CVE-2011-1202 [webkit-and4-nvd1], CVE-2012-2825 [webkit-and4-nvd2], CVE-2012-2871 [webkit-and4-nvd3]
Coordinated disclosure?: false
Categories: system
Details: A series of vulnerabilities in XSL in WebKit that allow denial of service and other effects [webkit-and4-nvd3]
Discovered by: Hacking Team [android-paper] on: Unknown
Reported on: 2011-02-22 [webkit-and4-redhat]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: 4.0 to 4.3 [android-paper] regex: 4.[0-3].[0-9]
Affected devices: all [webkit-and4-nvd3]
Affected manufacturers: all [webkit-and4-nvd3]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-08

libperf_event

(json)

CVE numbers: CVE-2013-2094 [cve-mitre-libperf-event]
Coordinated disclosure?: false
Categories: kernel
Details: The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call. [cve-mitre-libperf-event]
Discovered by: Hiroyuki Ikezoe [android-paper] on: Unknown
Reported on: Unknown
Fixed on: 2013-04-25 [linux-3-8-9-launchpad]
Fix released on: Unknown
Affected versions: 4.0 to 4.3.1 [android-paper] regex: (4.[0-2].[0-9])|(4.3.[0-1])
Affected devices: Nexus 4, and some Japanese models from HTC, Fujitsu, Sharp, Sony and LG models [android-paper]
Affected manufacturers: HTC [android-paper], Fujitsu [android-paper], Sharp [android-paper], Sony [android-paper], LG [android-paper]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-08

APK unchecked name

(json)

CVE numbers: ANDROID-9950697 [citation-needed]
Coordinated disclosure?: false
Categories: signature
Details: APK signature verification does not check name lengths correctly, creating a difference between how the zip files are verified compared with how they are extracted which allows files in an existing APK to be replaced with new files. [saurik-19] Exploited by RockMyMoto [androidpolice-rockmymoto]
Discovered by: Jay Freeman (saurik) [saurik-19], Elliott Hughes enh@google.com [android-issue-57851] on: 2013-06-30 [saurik-19]
Reported on: 2013-11-01 [saurik-19], 2013-11-01 [CydiaImpactor-396439244782067713]
Fixed on: 2013-07-21 [patch-unchecked-name]
Fix released on: Unknown
Affected versions: 4.3 and earlier [citation-needed] regex: ([1-3].[0-9].[0-9])|(4.[0-3].[0-9])
Affected devices: all [citation-needed]
Affected manufacturers: all [citation-needed]
Fixed versions: 4.4 [patch-unchecked-name]
Submission: by: Daniel R. Thomas, on: 2013-11-14

keystore buffer

(json)

CVE numbers: CVE-2014-3100 [securityinteligence-keystore]
Coordinated disclosure?: true
Categories: system
Details: Stack-based buffer overflow in the encode_key function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key information or bypass intended restrictions on cryptographic operations, via a long key name. [CVE-2014-3100]
Discovered by: Roee Hay (IBM) [securityinteligence-keystore] on: 2013-09-09 [keystore-patch]
Reported on: 2014-06-23 [securityinteligence-keystore]
Fixed on: 2013-09-09 [keystore-patch]
Fix released on: 2013-10-31 [android-4.4-release]
Affected versions: 4.3 [securityinteligence-keystore] regex: 4.3.[0-9]
Affected devices: all [securityinteligence-keystore]
Affected manufacturers: all [securityinteligence-keystore]
Fixed versions: 4.4 [keystore-patch]
Submission: by: Daniel R. Thomas, on: 2014-07-17; by: Laurent Simon, on: 2014-06-24

vold asec

(json)

CVE numbers:
Coordinated disclosure?: true
Categories: system
Details: Insufficient paramter checking for asec container creation allows an asec container to be mounted over part of the filesystem using directory traversal if the app has the ASEC_* permissions such as ASEC_CREATE [cassidian-vold-asec] There is an adb tethered root explot for motorola phones [xda-developers-pie-exploit]
Discovered by: Justin Case (jcase) [android-paper] on: Unknown
Reported on: 2014-06-03 [cassidian-vold-asec]
Fixed on: 2014-01-27 [vold-asec-patch]
Fix released on: 2014-06-02 [android-4.4.3_r1]
Affected versions: 2.2.1_r1-4.4.2 [vold-asec-implementation][cassidian-vold-asec] regex: (2.((2.[1-9])|([3-9].[0-9])))|(3.[0-9].[0-9])|(4.(([0-3].[0-9])|(4.[0-2])))
Affected devices: Motorola devices [xda-developers-pie-exploit], Proper SEAndroid policies do block this, Nexus 5, Samsung S4/5/Note3, LG Flex, Sony Z2 devices etc should have this mitigated. Nexus 4 if it hasn't been updated to 4.4.3 nor reset since OTA to 4.4 [plus-jcase-pie]
Affected manufacturers: all [vold-asec-implementation]
Fixed versions: 4.4.3 [cassidian-vold-asec]
Submission: by: Daniel R. Thomas, on: 2014-07-16; by: Laurent Simon, on: 2014-06-04; by: Laurent Simon, on: 2015-10-09; by: Daniel Carter, on: 2019-07-08

Fake ID

(json)

CVE numbers:
Coordinated disclosure?: true
Categories: signature
Details: The software does not properly validate an application's certificate chain. An application can supply a specially crafted application identity certificate to impersonate a privileged application and gain access to vendor-specific device administration extensions. The vulnerability resides in the createChain() and findCert() functions of the Android JarUtils class. [securitytracker-1030654] Google bug 13678484 [blackhat-briefing-fakeid]
Discovered by: Jeff Forristal of Bluebox [bluebox-fakeid] on: Unknown
Reported on: 2014-07-29 [ars-fake-id]
Fixed on: 2014-04-17 [fakeid-patch]
Fix released on: Unknown
Affected versions: 2.1 -- 4.4 [ars-fake-id] regex: (2.[1-9].[0-9])|(3.[0-9].[0-9])|(4.[0-3].[0-9])|(4.4.[0-4])
Affected devices:
Affected manufacturers: all [bluebox-fakeid]
Fixed versions: there is no single, specific “fixed” version of Android. In fact, multiple vendors are maintaining the same prior version number, and only patching the functionality. We have confirmed “fixed” versions existing within the ranges of 4.1, 4.2, 4.3, and 4.4 [bluebox-fakeid]
Submission: by: Khilan Gudka, on: 2014-07-29; by: Daniel R. Thomas, on: 2014-09-09; by: Jeff Forristal, on: 2014-09-11

TowelRoot

(json)

CVE numbers: CVE-2014-3153 [threatpost-towelroot][archived]
Coordinated disclosure?: true
Categories: kernel
Details: The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. [CVE-2014-3153]
Discovered by: Pinkie Pie [DSA-2949-1] on: 2014-05-03 [CVE-2014-3153]
Reported on: 2014-06-05 [openwall-CVE-2014-3153]
Fixed on: 2014-06-03 [futex-patch]
Fix released on: Unknown
Affected versions: 4.4 and earlier [threatpost-towelroot][archived] regex: ([1-3].[0-9].[0-9])|(4.[0-3].[0-9])|(4.4.[0-4])
Affected devices:
Affected manufacturers: all [threatpost-towelroot][archived]
Fixed versions:
Submission:

ObjectInputStream deserializable

(json)

CVE numbers: CVE-2014-7911 [fulldisclosure-ois]
Coordinated disclosure?: true
Categories: system
Details: In Android <5.0, java.io.ObjectInputStream did not check whether the Object that is being deserialized is actually serializable. That issue was fixed in Android 5.0. This means that when ObjectInputStream is used on untrusted inputs, an attacker can cause an instance of any class with a non-private parameterless constructor to be created. All fields of that instance can be set to arbitrary values. The malicious object will then typically either be ignored or cast to a type to which it doesn't fit, implying that no methods will be called on it and no data from it will be used. However, when it is collected by the GC, the GC will call the object's finalize method. [fulldisclosure-ois] luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization, which allows attackers to execute arbitrary code via a crafted finalize method for a serialized object in an ArrayMap Parcel within an intent sent to system_service, as demonstrated by the finalize method of android.os.BinderProxy, aka Bug 15874291. [CVE-2014-7911] A POC local root exploit is available [CVE-2014-7911_poc]
Discovered by: Jann Horn [fulldisclosure-ois] on: 2014-06-22 [fulldisclosure-ois]
Reported on: 2014-11-14 [fulldisclosure-ois]
Fixed on: 2014-06-25 [ois-fix]
Fix released on: 2014-11-03 [citation-needed]
Affected versions: 1.0-4.4.4 [CVE-2014-7911] regex: ([1-3].[0-9].[0-9])|(4.[0-3].[0-9])|(4.4.[0-4])
Affected devices: all [fulldisclosure-ois]
Affected manufacturers: all [fulldisclosure-ois]
Fixed versions: 5.0.0 [CVE-2014-7911]
Submission: by: Jann Horn, on: 2014-12-14; by: Laurent Simon, on: 2015-03-12

Mediaserver code execution

(json)

CVE numbers: CVE-2014-7920 [mediaserver-blog][archived], CVE-2014-7921 [mediaserver-blog][archived]
Coordinated disclosure?: true
Categories: kernel, system
Details: Two vulnerabilities which allow arbitrary code execution in the mediaserver process [mediaserver-blog][archived]
Discovered by: Gal Beniamini (laginimaineb) [mediaserver-blog][archived] on: Unknown
Reported on: 2014-10-14 [mediaserver-blog][archived]
Fixed on: 2014-10-28 [mediaserver-commit]
Fix released on: 2014-12-04 [mediaserver-commit]
Affected versions: 2.2 to 5.0 [mediaserver-blog][archived] regex: (2.[2-9].[0-9])|([3-4].[0-9].[0-9])|(5.0.[0-9])
Affected devices: all [mediaserver-blog][archived]
Affected manufacturers: all [mediaserver-blog][archived]
Fixed versions: 5.1 [mediaserver-blog][archived]
Submission: by: Daniel Carter, on: 2019-07-09

dhcpd buffer overrun

(json)

CVE numbers: CVE-2014-7912 [dhcpd-fix], CVE-2014-7913 [dhcpd-fix]
Coordinated disclosure?: true
Categories: network
Details: The specific flaw exists within the parsing of the DHCP options in a DHCP ACK packet. The vulnerability is triggered when the LENGTH of an option, when added to the current read position, exceeds the actual length of the DHCP options buffer. An attacker can leverage this vulnerability to execute code on the device. [ZDI-15-093] This remote code execution vulnerability executes code as the dhcp user which limit's its severity [citation-needed]
Discovered by: Jüri Aedla [ZDI-15-093] on: 2014-11-13 [ZDI-15-093]
Reported on: 2015-03-12 [ZDI-15-093]
Fixed on: 2014-11-15 [dhcpd-fix]
Fix released on: Unknown
Affected versions: All versions below 5.1 [dhcpd-circl] regex: ([1-4].[0-9].[0-9])|(5.0.[0-9])
Affected devices: all [dhcpd-circl]
Affected manufacturers: all [dhcpd-circl]
Fixed versions: 5.1 [dhcpd-circl]
Submission: by: Laurent Simon, on: 2015-03-14; by: Daniel R. Thomas, on: 2015-03-24

CVE-2014-9028

(json)

CVE numbers: CVE-2014-9028 [Bulletin-CVE-2014-9028]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libFLAC
Details: Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. [NIST-CVE-2014-9028]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2014-9028]
Fixed on: 2015-02-27 [2]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2014-9028] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2014-9028]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3832

(json)

CVE numbers: CVE-2015-3832 [Bulletin-CVE-2015-3832]
Coordinated disclosure?: unknown
Categories: Buffer overflows in libstagefright MPEG4Extractor.cpp
Details: Multiple buffer overflows in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via invalid size values of NAL units in MP4 data, aka internal bug 19641538. [NIST-CVE-2015-3832]
Discovered by: on: Unknown
Reported on: 2015-08-01 [Bulletin-CVE-2015-3832]
Fixed on: 2015-04-01 [ANDROID-19641538]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3832] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3832]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-1538

(json)

CVE numbers: CVE-2015-1538 [Bulletin-CVE-2015-1538]
Coordinated disclosure?: unknown
Categories: Integer overflows during MP4 atom processing
Details: Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an unchecked multiplication, aka internal bug 20139950, a related issue to CVE-2015-4496. [NIST-CVE-2015-1538]
Discovered by: on: Unknown
Reported on: 2015-08-01 [Bulletin-CVE-2015-1538]
Fixed on: 2015-04-08 [ANDROID-20139950]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-1538] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-1538]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-1539

(json)

CVE numbers: CVE-2015-1539 [Bulletin-CVE-2015-1539]
Coordinated disclosure?: unknown
Categories: An integer underflow in ESDS processing
Details: Multiple integer underflows in the ESDS::parseESDescriptor function in ESDS.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via crafted ESDS atoms, aka internal bug 20139950, a related issue to CVE-2015-4493. [NIST-CVE-2015-1539]
Discovered by: on: Unknown
Reported on: 2015-08-01 [Bulletin-CVE-2015-1539]
Fixed on: 2015-04-08 [ANDROID-20139950]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-1539] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-1539]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

Stagefright

(json)

CVE numbers: CVE-2015-1538 [nakedsecurity-stagefright], CVE-2015-1539 [nakedsecurity-stagefright], CVE-2015-3824 [nakedsecurity-stagefright], CVE-2015-3826 [nakedsecurity-stagefright], CVE-2015-3827 [nakedsecurity-stagefright], CVE-2015-3828 [nakedsecurity-stagefright], CVE-2015-3829 [nakedsecurity-stagefright]
Coordinated disclosure?: true
Categories: system, network
Details: Drake said that the vulnerabilities can be exploited by sending a single multimedia text message to an unpatched Android smartphone. While the exploit is deadly, in some cases, where phones parse the attack code prior to the message being opened, the exploits are silent and the user would have little chance of defending their data. [techworm-stagefright] Stagefright is the media playback service for Android, introduced in Android 2.2 (Froyo). Stagefright in versions of Android prior to 5.1.1_r9 may contain multiple vulnerabilities, including several integer overflows, which may allow a remote attacker to execute code on the device. [cert-kb-stagefright]
Discovered by: Joshua J. Drake [zimperium-stagefright] on: 2015-04-09 [techworm-stagefright]
Reported on: 2015-07-21 [zimperium-stagefright]
Fixed on: 2015-04-08 [stagefright-fix-2]
Fix released on: 2015-08-03 [androidpolice-sprint-update]
Affected versions: 2.2-5.1.0 [cert-kb-stagefright] regex: ([1-4].[0-9].[0-9])|(5.0.[0-9])|(5.1.[0-1])
Affected devices: all [cert-kb-stagefright]
Affected manufacturers: all [cert-kb-stagefright]
Fixed versions: 5.1.1_r9 [cert-kb-stagefright]
Submission: by: Laurent Simon, on: 2015-07-27

CVE-2015-3877

(json)

CVE numbers: CVE-2015-3877 [Bulletin-CVE-2015-3877]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in Skia
Details: Skia, as used in Android before 5.1.1 LMY48T, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20723696. [NIST-CVE-2015-3877]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-3877]
Fixed on: 2015-04-16 [ANDROID-20723696]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3877] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3877]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3636

(json)

CVE numbers: CVE-2015-3636 [Bulletin-CVE-2015-3636]
Coordinated disclosure?: unknown
Categories: Elevation Privilege Vulnerability in Kernel
Details: The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect. [NIST-CVE-2015-3636]
Discovered by: on: Unknown
Reported on: 2015-09-01 [Bulletin-CVE-2015-3636]
Fixed on: 2015-05-02 [ANDROID-20770158]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3636] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3636]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3824

(json)

CVE numbers: CVE-2015-3824 [Bulletin-CVE-2015-3824]
Coordinated disclosure?: unknown
Categories: Integer overflow in libstagefright when parsing the MPEG4 tx3g atom
Details: The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly restrict size addition, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via a crafted MPEG-4 tx3g atom, aka internal bug 20923261. [NIST-CVE-2015-3824]
Discovered by: on: Unknown
Reported on: 2015-08-01 [Bulletin-CVE-2015-3824]
Fixed on: 2015-05-04 [ANDROID-20923261]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3824] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3824]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3827

(json)

CVE numbers: CVE-2015-3827 [Bulletin-CVE-2015-3827]
Coordinated disclosure?: unknown
Categories: Integer underflow in libstagefright when processing MPEG4 covr atoms
Details: The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not validate the relationship between chunk sizes and skip sizes, which allows remote attackers to execute arbitrary code or cause a denial of service (integer underflow and memory corruption) via crafted MPEG-4 covr atoms, aka internal bug 20923261. [NIST-CVE-2015-3827]
Discovered by: on: Unknown
Reported on: 2015-08-01 [Bulletin-CVE-2015-3827]
Fixed on: 2015-05-04 [ANDROID-20923261]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3827] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3827]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3867

(json)

CVE numbers: CVE-2015-3867 [Bulletin-CVE-2015-3867]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libstagefright
Details: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23213430. [NIST-CVE-2015-3867]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-3867]
Fixed on: 2015-05-08 [ANDROID-23213430]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3867] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3867]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3836

(json)

CVE numbers: CVE-2015-3836 [Bulletin-CVE-2015-3836]
Coordinated disclosure?: unknown
Categories: Buffer overflow in Sonivox Parse_wave
Details: The Parse_wave function in arm-wt-22k/lib_src/eas_mdls.c in the Sonivox DLS-to-EAS converter in Android before 5.1.1 LMY48I does not reject a negative value for a certain size field, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted XMF data, aka internal bug 21132860. [NIST-CVE-2015-3836]
Discovered by: on: Unknown
Reported on: 2015-08-01 [Bulletin-CVE-2015-3836]
Fixed on: 2015-05-14 [ANDROID-21132860]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3836] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3836]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

One class to rule them all

(json)

CVE numbers: CVE-2015-3837 [CVE-2015-3837], CVE-2015-3825 [woot15-paper-peles], ANDROID-21437603 [woot15-paper-peles], ANDROID-21583849 [woot15-paper-peles]
Coordinated disclosure?: true
Categories: system
Details: This vulnerability allows for arbitrary code execution in the context of many apps and services and results in elevation of privileges. There is a Proof-of-Concept exploit against the Google Nexus 5 device, that achieves code execution inside the highly privileged system_server process, and then either replaces an existing arbitrary application on the device with our own malware app or changes the device’s SELinux policy. For some other devices, it is also possible to gain kernel code execution by loading an arbitrary kernel modules. This vulnerability was responsibly disclosed to the Android Security Team which tagged it as CVE-2015-3825 internally as ANDROID-21437603/ANDROID-21583849 and patched Android 4.4 / 5.x / M and Google Play Services. [woot15-paper-peles] CVE-2015-3825 is the wrong CVE number (duplicate), CVE-2015-3837 should be used instead [CVE-2015-3825] The OpenSSLX509Certificate class in org/conscrypt/OpenSSLX509Certificate.java in Android before 5.1.1 LMY48I improperly includes certain context data during serialization and deserialization, which allows attackers to execute arbitrary code via an application that sends a crafted Intent, aka internal bug 21437603. [CVE-2015-3837]
Discovered by: Or Peles and Roee Hay {orpeles,roeeh}@il.ibm.com [woot15-paper-peles] on: 2015-05-22 [woot15-paper-peles]
Reported on: 2015-06-01 [NexusSecurityBulletinAugust2015][archived]
Fixed on: 2015-05-28 [OneClassPatch]
Fix released on: 2015-08-05 [droid-life-5-1-1-lmy48i][archived]
Affected versions: 4.3-5.1, M (Preview 1) [woot15-paper-peles] regex: (4.[0-3].[0-9])|(4.4.[0-4])|(5.0.[0-9])|(5.1.[0-1])
Affected devices: all [citation-needed]
Affected manufacturers: all [citation-needed]
Fixed versions: 4.4, 5.x, M [woot15-paper-peles]
Submission: by: Laurent Simon, on: 2015-08-10; by: Roee Hay, on: 2015-10-14

CVE-2015-6601

(json)

CVE numbers: CVE-2015-6601 [Bulletin-CVE-2015-6601]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libstagefright
Details: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22935234. [NIST-CVE-2015-6601]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-6601]
Fixed on: 2015-06-04 [ANDROID-22935234]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-6601] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6601]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3870

(json)

CVE numbers: CVE-2015-3870 [Bulletin-CVE-2015-3870]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libstagefright
Details: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22771132. [NIST-CVE-2015-3870]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-3870]
Fixed on: 2015-06-25 [ANDROID-22771132]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3870] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3870]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3823

(json)

CVE numbers: CVE-2015-3823 [Bulletin-CVE-2015-3823]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libstagefright
Details: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 21335999. [NIST-CVE-2015-3823]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-3823]
Fixed on: 2015-07-16 [ANDROID-21335999]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3823] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3823]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3871

(json)

CVE numbers: CVE-2015-3871 [Bulletin-CVE-2015-3871]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libstagefright
Details: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23031033. [NIST-CVE-2015-3871]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-3871]
Fixed on: 2015-08-03 [ANDROID-23031033]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3871] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3871]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6600

(json)

CVE numbers: CVE-2015-6600 [Bulletin-CVE-2015-6600]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libstagefright
Details: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22882938. [NIST-CVE-2015-6600]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-6600]
Fixed on: 2015-08-04 [ANDROID-22882938]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-6600] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6600]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3869

(json)

CVE numbers: CVE-2015-3869 [Bulletin-CVE-2015-3869]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libstagefright
Details: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23036083. [NIST-CVE-2015-3869]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-3869]
Fixed on: 2015-08-06 [ANDROID-23036083]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3869] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3869]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6617

(json)

CVE numbers: CVE-2015-6617 [Bulletin-CVE-2015-6617]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in Skia
Details: Skia, as used in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23648740. [NIST-CVE-2015-6617]
Discovered by: on: Unknown
Reported on: 2015-12-01 [Bulletin-CVE-2015-6617]
Fixed on: 2015-08-06 [ANDROID-23648740]
Fix released on: Unknown
Affected versions: 6.0 and below [Bulletin-CVE-2015-6617] regex: ([1-5].[0-9].[0-9])|(6.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6617]
Fixed versions: 6.0 and below [Bulletin-CVE-2015-6617]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3864

(json)

CVE numbers: CVE-2015-3864 [Bulletin-CVE-2015-3864]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in Mediaserver
Details: Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted MPEG-4 data, aka internal bug 23034759. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3824. [NIST-CVE-2015-3864]
Discovered by: on: Unknown
Reported on: 2015-09-01 [Bulletin-CVE-2015-3864]
Fixed on: 2015-08-07 [ANDROID-23034759]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3864] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3864]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6604

(json)

CVE numbers: CVE-2015-6604 [Bulletin-CVE-2015-6604]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libstagefright
Details: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23129786. [NIST-CVE-2015-6604]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-6604]
Fixed on: 2015-08-12 [ANDROID-23129786]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-6604] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6604]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6603

(json)

CVE numbers: CVE-2015-6603 [Bulletin-CVE-2015-6603]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libstagefright
Details: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23227354. [NIST-CVE-2015-6603]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-6603]
Fixed on: 2015-08-14 [ANDROID-23227354]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-6603] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6603]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3876

(json)

CVE numbers: CVE-2015-3876 [Bulletin-CVE-2015-3876]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libstagefright
Details: libstagefright in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file. [NIST-CVE-2015-3876]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-3876]
Fixed on: 2015-08-15 [ANDROID-23285192]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3876] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3876]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

Stagefright2

(json)

CVE numbers: CVE-2015-6602 [zimperium-stagefright2], CVE-2015-3876 [android-security-october][archived]
Coordinated disclosure?: true
Categories: system, network
Details: Meet Stagefright 2.0, a set of two vulnerabilities that manifest when processing specially crafted MP3 audio or MP4 video files. The first vulnerability (in libutils) impacts almost every Android device since version 1.0 released in 2008. We found methods to trigger that vulnerability in devices running version 5.0 and up using the second vulnerability (in libstagefright). Google assigned CVE-2015-6602 to vulnerability in libutils. [zimperium-stagefright2]
Discovered by: Joshua J. Drake [zimperium-stagefright2] on: 2015-08-15 [zimperium-stagefright2]
Reported on: 2015-10-01 [zimperium-stagefright2]
Fixed on: Unknown
Fix released on: 2015-10-05 [register-stagefright2]
Affected versions: 5.1 and below [android-security-october][archived] regex: ([1-4].[0-9].[0-9])|(5.0.[0-9])|(5.1.[0-1])
Affected devices: all [zimperium-stagefright2]
Affected manufacturers: all [zimperium-stagefright2]
Fixed versions: 5.1.1, LMY48T or later, LMY48W [android-security-october][archived]
Submission: by: Daniel R. Thomas, on: 2015-10-06; by: Laurent Simon, on: 2015-10-02; by: Alastair R. Beresford, on: 2015-10-01

CVE-2015-3868

(json)

CVE numbers: CVE-2015-3868 [Bulletin-CVE-2015-3868]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libstagefright
Details: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23270724. [NIST-CVE-2015-3868]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-3868]
Fixed on: 2015-08-18 [ANDROID-23270724]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3868] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3868]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3873

(json)

CVE numbers: CVE-2015-3873 [Bulletin-CVE-2015-3873]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libstagefright
Details: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23016072, 23248776, 23247055, 22845824, 22008959, 21814993, 21048776, 20718524, 20674674, 22388975, 20674086, 21443020, and 22077698, a different vulnerability than CVE-2015-7716. [NIST-CVE-2015-3873]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-3873]
Fixed on: 2015-08-18 [ANDROID-23247055]
Fix released on: Unknown
Affected versions: 5.1 and below, 5.0 and 5.1 [Bulletin-CVE-2015-3873] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3873]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3875

(json)

CVE numbers: CVE-2015-3875 [Bulletin-CVE-2015-3875]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libutils
Details: libutils in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22952485. [NIST-CVE-2015-3875]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-3875]
Fixed on: 2015-08-18 [ANDROID-22952485]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3875] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3875]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6598

(json)

CVE numbers: CVE-2015-6598 [Bulletin-CVE-2015-6598]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libstagefright
Details: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23306638. [NIST-CVE-2015-6598]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-6598]
Fixed on: 2015-08-18 [ANDROID-23306638]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-6598] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6598]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3872

(json)

CVE numbers: CVE-2015-3872 [Bulletin-CVE-2015-3872]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libstagefright
Details: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23346388. [NIST-CVE-2015-3872]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-3872]
Fixed on: 2015-08-19 [ANDROID-23346388]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3872] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3872]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6602

(json)

CVE numbers: CVE-2015-6602 [Bulletin-CVE-2015-6602]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libutils
Details: libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x. [NIST-CVE-2015-6602]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-6602]
Fixed on: 2015-08-20 [ANDROID-23290056]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-6602] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6602]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3874

(json)

CVE numbers: CVE-2015-3874 [Bulletin-CVE-2015-3874]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in Sonivox
Details: The Sonivox components in Android before 5.1.1 LMY48T allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23335715, 23307276, and 23286323. [NIST-CVE-2015-3874]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-3874]
Fixed on: 2015-08-21 [2]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3874] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3874]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6599

(json)

CVE numbers: CVE-2015-6599 [Bulletin-CVE-2015-6599]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libstagefright
Details: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23416608. [NIST-CVE-2015-6599]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-6599]
Fixed on: 2015-08-21 [ANDROID-23416608]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-6599] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6599]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6609

(json)

CVE numbers: CVE-2015-6609 [Bulletin-CVE-2015-6609]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in libutils
Details: libutils in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22953624. [NIST-CVE-2015-6609]
Discovered by: on: Unknown
Reported on: 2015-11-01 [Bulletin-CVE-2015-6609]
Fixed on: 2015-09-02 [ANDROID-22953624]
Fix released on: Unknown
Affected versions: 6.0 and below [Bulletin-CVE-2015-6609] regex: ([1-5].[0-9].[0-9])|(6.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6609]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6619

(json)

CVE numbers: CVE-2015-6619 [Bulletin-CVE-2015-6619]
Coordinated disclosure?: unknown
Categories: Elevation of Privilege in Kernel
Details: The kernel in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, aka internal bug 23520714. [NIST-CVE-2015-6619]
Discovered by: on: Unknown
Reported on: 2015-12-01 [Bulletin-CVE-2015-6619]
Fixed on: 2015-09-22 [ANDROID-23520714]
Fix released on: Unknown
Affected versions: 6.0 and below [Bulletin-CVE-2015-6619] regex: ([1-5].[0-9].[0-9])|(6.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6619]
Fixed versions: 6.0 and below [Bulletin-CVE-2015-6619]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6616

(json)

CVE numbers: CVE-2015-6616 [Bulletin-CVE-2015-6616]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in Mediaserver
Details: mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 24630158 and 23882800, a different vulnerability than CVE-2015-8505, CVE-2015-8506, and CVE-2015-8507. [NIST-CVE-2015-6616]
Discovered by: on: Unknown
Reported on: 2015-12-01 [Bulletin-CVE-2015-6616]
Fixed on: 2015-10-05 [ANDROID-24630158]
Fix released on: Unknown
Affected versions: 6.0 and below, 5.1 and below, 6.0 and below, 6.0 [Bulletin-CVE-2015-6616] regex: ([1-5].[0-9].[0-9])|(6.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6616]
Fixed versions: 6.0 and below, 5.1 and below, 6.0 and below, 6.0 [Bulletin-CVE-2015-6616]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6634

(json)

CVE numbers: CVE-2015-6634 [Bulletin-CVE-2015-6634]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in Display Driver
Details: The display drivers in Android before 5.1.1 LMY48Z allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24163261. [NIST-CVE-2015-6634]
Discovered by: on: Unknown
Reported on: 2015-12-01 [Bulletin-CVE-2015-6634]
Fixed on: 2015-10-16 [ANDROID-24163261]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-6634] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6634]
Fixed versions: 5.1 and below [Bulletin-CVE-2015-6634]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6633

(json)

CVE numbers: CVE-2015-6633 [Bulletin-CVE-2015-6633]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in Display Driver
Details: The display drivers in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23987307. [NIST-CVE-2015-6633]
Discovered by: on: Unknown
Reported on: 2015-12-01 [Bulletin-CVE-2015-6633]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: 6.0 and below [Bulletin-CVE-2015-6633] regex: ([1-5].[0-9].[0-9])|(6.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6633]
Fixed versions: 6.0 and below [Bulletin-CVE-2015-6633]
Submission: by: Daniel Carter, on: 2019-07-29

dirtyc0w

(json)

CVE numbers: CVE-2016-5195 [dirtyc0w-redhat]
Coordinated disclosure?: false
Categories: kernel
Details: A race condition in the Linux kernel's handling of copy-on-write (COW) operations means that users can gain write access to otherwise read-only areas of memory and gain permissions [dirtyc0w-redhat]
Discovered by: Phil Oester [dirtyc0w-redhat] on: Unknown
Reported on: 2016-10-13 [dirtyc0w-bugzilla]
Fixed on: 2016-10-18 [dirtyc0w-github][archived]
Fix released on: 2016-11-06 [dirtyc0w-bulletin]
Affected versions: 1.0 to 7.0 [dirtyc0w-arstechnica][archived] regex: ([1-6].[0-9].[0-9])|(7.0.[0-9])
Affected devices: all [dirtyc0w-arstechnica][archived]
Affected manufacturers: all [dirtyc0w-arstechnica][archived]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-09