all

sock_sendpage

(json)

CVE numbers: CVE-2009-2692 [vulmon]
Coordinated disclosure?: false
Categories: kernel
Details: A vulnerability in the kernel allows local users to gain privileges due to function pointers not being initialised. [vulmon] According to one source, Android versions up to 3.2.6 are vulnerable [android-paper]
Discovered by: Tavis Ormandy and Julien Tinnes [cr0][archived] on: Unknown
Reported on: 2009-08-13 [cr0][archived]
Fixed on: 2009-08-13 [linux-commit]
Fix released on: Unknown
Affected versions: Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4 [cve-mitre-sock-sendpage], Android up to 2.1 [cve-mitre-sock-sendpage] regex: (1.[0-9].[0-9])|(2.[0-1].[0-9])
Affected devices: all [citation-needed]
Affected manufacturers: all [citation-needed]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-03

WebKit Use-After-Free

(json)

CVE numbers: CVE-2010-1119 [citation-needed]
Coordinated disclosure?: unknown
Categories: system, app
Details: A vulnerability in the WebKit browser engine allows a malicious webpage to perform remote code execution [webkit-use-after-free-exploit-db]
Discovered by: MJ Keith [webkit-use-after-free-exploit-db] on: 2011-03-11 [webkit-use-after-free-exploit-db]
Reported on: Unknown
Fixed on: Unknown
Fix released on: 2010-05-20 [citation-needed]
Affected versions: 2.0-2.1.1 [webkit-use-after-free-exploit-db] regex: (2.0.[0-9])|(2.1.[0-1])
Affected devices: all [citation-needed]
Affected manufacturers: all [citation-needed]
Fixed versions: 2.2 [citation-needed]
Submission: by: Daniel Carter, on: 2019-07-03

KillingInTheNameOf psneuter ashmem

(json)

CVE numbers: CVE-2011-1149 [citation-needed]
Coordinated disclosure?: false
Categories: system, kernel
Details: Android before 2.3 does not properly restrict access to the system property space, which allows local applications to bypass the application sandbox and gain privileges [citation-needed]
Discovered by: on: Unknown
Reported on: 2011-01-06 [c-skills-adb-trickery][archived]
Fixed on: 2010-07-13 [ashmem-fix-core], 2010-07-15 [ashmem-fix-kernel]
Fix released on: 2010-12-06 [citation-needed]
Affected versions: 1.5 -- 2.2.2 [citation-needed] regex: (1.[5-9].[0-9])|(2.(([0-1].[0-9])|(2.[0-9])))
Affected devices: all [citation-needed]
Affected manufacturers: all [citation-needed]
Fixed versions: 2.3 [citation-needed]
Submission: by: Daniel R. Thomas, on: 2013-09-04

exploid udev

(json)

CVE numbers: CVE-2009-1185 [citation-needed]
Coordinated disclosure?: false
Categories: kernel
Details: udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space. [CVE-2009-1185]
Discovered by: Sebastian ??? [c-skills-android-trickery][archived] on: 2010-07-15 [c-skills-android-trickery][archived]
Reported on: 2010-07-15 [c-skills-android-trickery][archived]
Fixed on: 2011-04-18 [netd-udev-fix]
Fix released on: 2011-07-25 [sprint-2.3.5-release#0][sprint-2.3.5-release#1]
Affected versions: 1.0-2.3.4 [citation-needed] regex: (1.[0-9].[0-9])|(2.(([0-2].[0-9])|(3.[0-4])))
Affected devices: all [citation-needed]
Affected manufacturers: all [citation-needed]
Fixed versions: 2.3.5_r1 [netd-udev-fix]
Submission: by: Daniel R. Thomas, on: 2013-09-04

RageAgainstTheCage adb

(json)

CVE numbers: CVE-2010-EASY [intrepidus-looking-at-c-skills][archived]
Coordinated disclosure?: false
Categories: system
Details: adb fails to check setuid return code and this can be caused to fail by the shell user already having RLIMIT_NPROC processes. [citation-needed]
Discovered by: Sebastian Krahmer [thesnkchrmr-ratc][archived] on: 2010-08-21 [c-skills-droid2][archived]
Reported on: Unknown
Fixed on: 2010-08-27 [rageagainstthecage-adb-patch]
Fix released on: Unknown
Affected versions: 1.6_r1-2.2_r1 [adb-setuid-bug-patch] regex: (1.[6-9].[0-9])|(2.((1.[0-9])|(2.0)))
Affected devices: Droid2, backflip and evo [c-skills-droid2][archived]
Affected manufacturers: all [rageagainstthecage-adb-patch]
Fixed versions: 2.2.2 and greater [android-security-2010-EASY-patches][archived], 2.2_r8, 2.3_r1 [rageagainstthecage-adb-patch]
Submission: by: Daniel R. Thomas, on: 2013-09-05

RageAgainstTheCage zygote

(json)

CVE numbers: ANDROID-3176774 [citation-needed]
Coordinated disclosure?: false
Categories: system
Details: Also known as Zimperlich [c-skills-zimperlich][archived]
Discovered by: on: Unknown
Reported on: Unknown
Fixed on: 2010-08-30 [dalvik-zygote], 2010-11-08 [dalvik-zygote-cherry]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [citation-needed]
Fixed versions: 2.3.1_r1 [dalvik-zygote]
Submission: by: Daniel R. Thomas, on: 2013-09-06

Use-After-Free Remote

(json)

CVE numbers: CVE-2010-1807 [webkit-use-after-free-mitre]
Coordinated disclosure?: false
Categories: system
Details: WebKit does not properly validate floating-point data in Android versions prior to 2.2, which allows a remote arbitrary code execution attack to occur through a crafted HTML page [webkit-use-after-free-mitre]
Discovered by: Itzhak Avraham [exploit-db-webkit-use-after-free] on: Unknown
Reported on: 2010-11-14 [exploit-db-webkit-use-after-free]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: Up to 2.2 [exploit-db-webkit-use-after-free] regex: (1.[0-9].[0-9])|(2.[0-1].[0-9])
Affected devices: all [citation-needed]
Affected manufacturers: all [citation-needed]
Fixed versions: 2.2 [citation-needed]
Submission: by: Daniel Carter, on: 2019-06-28

Android Browser Exploit WebKit

(json)

CVE numbers: CVE-2011-1202 [webkit-and4-nvd1], CVE-2012-2825 [webkit-and4-nvd2], CVE-2012-2871 [webkit-and4-nvd3]
Coordinated disclosure?: false
Categories: system
Details: A series of vulnerabilities in XSL in WebKit that allow denial of service and other effects [webkit-and4-nvd3]
Discovered by: Hacking Team [android-paper] on: Unknown
Reported on: 2011-02-22 [webkit-and4-redhat]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: 4.0 to 4.3 [android-paper] regex: 4.[0-3].[0-9]
Affected devices: all [webkit-and4-nvd3]
Affected manufacturers: all [webkit-and4-nvd3]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-08

levitator

(json)

CVE numbers: CVE-2011-1350 [citation-needed], CVE-2011-1352 [citation-needed]
Coordinated disclosure?: true
Categories: kernel
Details: Improper bounds checking in the PowerVR driver as used in versions of Android prior to 2.3.6 when copying user data to kernel memory allows a malicious local application to write to the same area of memory referenced in CVE-2011-1350, potentially allowing for arbitrary code execution and privilege escalation. [citation-needed]
Discovered by: Geremy Condra [security-focus-57900][archived] on: 2011-03-10 [CVE-2011-1350]
Reported on: Unknown
Fixed on: Unknown
Fix released on: 2011-09-02 [w-ard-ver-hist], 2011-09-29 [tag-android-2.3.6_r1]
Affected versions: 1.0 -- 2.3.5 [citation-needed] regex: (1.[0-9].[0-9])|(2.(([0-2].[0-9])|(3.[0-5])))
Affected devices: all [citation-needed]
Affected manufacturers: all [citation-needed]
Fixed versions: 2.3.6 [citation-needed]
Submission: by: Daniel R. Thomas, on: 2013-09-02

Gingerbreak

(json)

CVE numbers: CVE-2011-1823 [CVE-2011-1823]
Coordinated disclosure?: false
Categories: system
Details: The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges [citation-needed]
Discovered by: The Android Exploid Crew [citation-needed] on: Unknown
Reported on: 2011-04-21 [c-skills-gingerbreak][archived], 2011-04-21 [xda-forum-gingerbreak]
Fixed on: 2011-04-18 [patch-vold-gingerbreak], 2011-04-18 [patch-netd-gingerbreak], 2011-04-18 [patch-core-gingerbreak]
Fix released on: 2011-04-29 [productforums-ard-2.3.4]
Affected versions: 2.2, 2.3, 2.3.1, 3.0 [citation-needed] regex: (2.(([0-2].[0-9])|(3.[0-3])))|(3.0.[0-9])
Affected devices: all [citation-needed]
Affected manufacturers: all [citation-needed]
Fixed versions: 2.3.4 [tag-android-2.3.4_r1], 3.1 [ard-dev-3.1-release][archived]
Submission: by: Daniel R. Thomas, on: 2013-09-02

Browser Cross-App Scripting

(json)

CVE numbers: CVE-2011-2357 [watchfire-crossapp][archived]
Coordinated disclosure?: true
Categories: app
Details: Android browser could be tricked into running javascript in the domain of a different app [watchfire-crossapp][archived]
Discovered by: Roee Hay and Yair Amit of the IBM Rational Application Security Research Group [citation-needed] on: Unknown
Reported on: 2011-07-31 [watchfire-crossapp][archived]
Fixed on: 2011-06-20 [browser-fix]
Fix released on: Unknown
Affected versions: 2.3.4, 3.1 [watchfire-crossapp][archived] regex:
Affected devices: all [citation-needed]
Affected manufacturers: all [citation-needed]
Fixed versions: 2.3.5, 3.2 [citation-needed]
Submission: by: Roee Hay, on: 2015-10-15

zergRush

(json)

CVE numbers: CVE-2011-3874 [citation-needed]
Coordinated disclosure?: false
Categories: system
Details: [android-issue-21681]
Discovered by: The Revolutionary development team [citation-needed] on: 2011-10-06 [github-zergrush]
Reported on: 2011-11-09 [android-issue-21681]
Fixed on: 2011-11-09 [android-issue-21681]
Fix released on: 2011-11-21 [tag-android-2.2.3_r1]
Affected versions: Android 2.2.x up to and including to 2.2.2, Android 2.3.x up to and including to 2.3.6 [citation-needed] regex: 2.(([0-1].[0-9])|(2.[0-2])|(3.[0-6]))
Affected devices: all [citation-needed]
Affected manufacturers: all [citation-needed]
Fixed versions: 2.2.3, 2.3.7, 3.x+ [citation-needed]
Submission: by: Daniel R. Thomas, on: 2013-08-28

JavaScript to Java

(json)

CVE numbers: CVE-2012-6636 [js-to-java-cve]
Coordinated disclosure?: unknown
Categories: system
Details: The Android API before 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote attackers to execute arbitrary methods of Java objects by using the Java Reflection API within crafted JavaScript code that is loaded into the WebView component in an application targeted to API level 16 or earlier, a related issue to CVE-2013-4710. [js-to-java-cve]
Discovered by: on: Unknown
Reported on: 2012-12-21 [d3adend-js-to-java][archived]
Fixed on: Unknown
Fix released on: 2012-10-29 [js-to-java-paper]
Affected versions: 4.1 and below [d3adend-js-to-java][archived] regex: ([1-3].[0-9].[0-9])|(4.[0-1].[0-9])
Affected devices: all [js-to-java-paper]
Affected manufacturers: all [js-to-java-paper]
Fixed versions: 4.2 and above (additional fix in 4.4.3 [js-to-java-paper]
Submission: by: Daniel Carter, on: 2019-07-30

APK duplicate file

(json)

CVE numbers: ANDROID-8219321 [citation-needed], CVE-2013-4787 [citation-needed]
Coordinated disclosure?: true
Categories: signature
Details: Android does not properly check cryptographic signatures for applications, which allows attackers to execute arbitrary code via an application package file (APK) that is modified in a way that does not violate the cryptographic signature. Android security bug 8219321. [citation-needed]
Discovered by: Jeff Forristal of Bluebox security [bluebox-master-key][archived] on: 2013-02-18 [bluebox-master-key][archived]
Reported on: 2013-07-03 [bluebox-master-key][archived]
Fixed on: 2013-02-18 [patch-apk-dup-file]
Fix released on: 2013-07-24 [verge-android-4.3]
Affected versions: 1.6-4.2 [citation-needed] regex: ([1-3].[0-9].[0-9])|(4.[0-2].[0-9])
Affected devices: all [citation-needed]
Affected manufacturers: all [citation-needed]
Fixed versions: 4.3_r0.9 [patch-apk-dup-file]
Submission: by: Daniel R. Thomas, on: 2013-09-02

APK unchecked name

(json)

CVE numbers: ANDROID-9950697 [citation-needed]
Coordinated disclosure?: false
Categories: signature
Details: APK signature verification does not check name lengths correctly, creating a difference between how the zip files are verified compared with how they are extracted which allows files in an existing APK to be replaced with new files. [saurik-19] Exploited by RockMyMoto [androidpolice-rockmymoto]
Discovered by: Jay Freeman (saurik) [saurik-19], Elliott Hughes enh@google.com [android-issue-57851] on: 2013-06-30 [saurik-19]
Reported on: 2013-11-01 [saurik-19], 2013-11-01 [CydiaImpactor-396439244782067713]
Fixed on: 2013-07-21 [patch-unchecked-name]
Fix released on: Unknown
Affected versions: 4.3 and earlier [citation-needed] regex: ([1-3].[0-9].[0-9])|(4.[0-3].[0-9])
Affected devices: all [citation-needed]
Affected manufacturers: all [citation-needed]
Fixed versions: 4.4 [patch-unchecked-name]
Submission: by: Daniel R. Thomas, on: 2013-11-14

APK unsigned shorts

(json)

CVE numbers: ANDROID-9695860 [citation-needed]
Coordinated disclosure?: true
Categories: signature
Details: File offsets in zips are supposed to be unsigned but were interpreted as signed allowing different content to be verified from the content executed. [citation-needed]
Discovered by: on: Unknown
Reported on: 2013-07-10 [sina-shorts], 2013-07-10 [ard-police-shorts]
Fixed on: 2013-07-03 [patch-unsigned-shorts]
Fix released on: 2013-07-24 [verge-android-4.3]
Affected versions: 1.6-4.2 [citation-needed] regex: ([1-3].[0-9].[0-9])|(4.[0-2].[0-9])
Affected devices: all [citation-needed]
Affected manufacturers: all [citation-needed]
Fixed versions: 4.3_r1 [patch-unsigned-shorts]
Submission: by: Daniel R. Thomas, on: 2013-09-04

keystore buffer

(json)

CVE numbers: CVE-2014-3100 [securityinteligence-keystore]
Coordinated disclosure?: true
Categories: system
Details: Stack-based buffer overflow in the encode_key function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key information or bypass intended restrictions on cryptographic operations, via a long key name. [CVE-2014-3100]
Discovered by: Roee Hay (IBM) [securityinteligence-keystore] on: 2013-09-09 [keystore-patch]
Reported on: 2014-06-23 [securityinteligence-keystore]
Fixed on: 2013-09-09 [keystore-patch]
Fix released on: 2013-10-31 [android-4.4-release]
Affected versions: 4.3 [securityinteligence-keystore] regex: 4.3.[0-9]
Affected devices: all [securityinteligence-keystore]
Affected manufacturers: all [securityinteligence-keystore]
Fixed versions: 4.4 [keystore-patch]
Submission: by: Daniel R. Thomas, on: 2014-07-17; by: Laurent Simon, on: 2014-06-24

vold asec

(json)

CVE numbers:
Coordinated disclosure?: true
Categories: system
Details: Insufficient paramter checking for asec container creation allows an asec container to be mounted over part of the filesystem using directory traversal if the app has the ASEC_* permissions such as ASEC_CREATE [cassidian-vold-asec] There is an adb tethered root explot for motorola phones [xda-developers-pie-exploit]
Discovered by: Justin Case (jcase) [android-paper] on: Unknown
Reported on: 2014-06-03 [cassidian-vold-asec]
Fixed on: 2014-01-27 [vold-asec-patch]
Fix released on: 2014-06-02 [android-4.4.3_r1]
Affected versions: 2.2.1_r1-4.4.2 [vold-asec-implementation][cassidian-vold-asec] regex: (2.((2.[1-9])|([3-9].[0-9])))|(3.[0-9].[0-9])|(4.(([0-3].[0-9])|(4.[0-2])))
Affected devices: Motorola devices [xda-developers-pie-exploit], Proper SEAndroid policies do block this, Nexus 5, Samsung S4/5/Note3, LG Flex, Sony Z2 devices etc should have this mitigated. Nexus 4 if it hasn't been updated to 4.4.3 nor reset since OTA to 4.4 [plus-jcase-pie]
Affected manufacturers: all [vold-asec-implementation]
Fixed versions: 4.4.3 [cassidian-vold-asec]
Submission: by: Daniel R. Thomas, on: 2014-07-16; by: Laurent Simon, on: 2014-06-04; by: Laurent Simon, on: 2015-10-09; by: Daniel Carter, on: 2019-07-08

Fake ID

(json)

CVE numbers:
Coordinated disclosure?: true
Categories: signature
Details: The software does not properly validate an application's certificate chain. An application can supply a specially crafted application identity certificate to impersonate a privileged application and gain access to vendor-specific device administration extensions. The vulnerability resides in the createChain() and findCert() functions of the Android JarUtils class. [securitytracker-1030654] Google bug 13678484 [blackhat-briefing-fakeid]
Discovered by: Jeff Forristal of Bluebox [bluebox-fakeid] on: Unknown
Reported on: 2014-07-29 [ars-fake-id]
Fixed on: 2014-04-17 [fakeid-patch]
Fix released on: Unknown
Affected versions: 2.1 -- 4.4 [ars-fake-id] regex: (2.[1-9].[0-9])|(3.[0-9].[0-9])|(4.[0-3].[0-9])|(4.4.[0-4])
Affected devices:
Affected manufacturers: all [bluebox-fakeid]
Fixed versions: there is no single, specific “fixed” version of Android. In fact, multiple vendors are maintaining the same prior version number, and only patching the functionality. We have confirmed “fixed” versions existing within the ranges of 4.1, 4.2, 4.3, and 4.4 [bluebox-fakeid]
Submission: by: Khilan Gudka, on: 2014-07-29; by: Daniel R. Thomas, on: 2014-09-09; by: Jeff Forristal, on: 2014-09-11

pty race

(json)

CVE numbers: CVE-2014-0196 [includesecurity-pty-race]
Coordinated disclosure?: true
Categories: kernel
Details: The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings. [nvd-CVE-2014-0196] Taking a look at the git history of the Linux kernel it turns out that all kernels between c56a00a165712fd73081f40044b1e64407bb1875 (march 2012) and 64325a3be08d364a62ee8f84b2cf86934bc2544a (january 2013) are not affected by this vuln as tty_insert_flip_string_fixed_flag() was internally locked there. [includesecurity-pty-race] Fixed from 4291086b1f081b869c6d79e5b7441633dc3ace00 and present from d945cb9cce20ac7143c2de8d88b187f62db99bdc [pty-race-patch]
Discovered by: Jiri Slaby jslaby@suse.cz [pty-race-patch] on: 2014-04-29 [novel-pty-race-bug]
Reported on: 2014-04-30 [novel-pty-race-bug], 2014-05-05 [openwall-pty-race]
Fixed on: 2014-04-29 [openwall-pty-race]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [includesecurity-pty-race]
Fixed versions:
Submission: by: Daniel R. Thomas, on: 2014-09-17

TowelRoot

(json)

CVE numbers: CVE-2014-3153 [threatpost-towelroot][archived]
Coordinated disclosure?: true
Categories: kernel
Details: The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. [CVE-2014-3153]
Discovered by: Pinkie Pie [DSA-2949-1] on: 2014-05-03 [CVE-2014-3153]
Reported on: 2014-06-05 [openwall-CVE-2014-3153]
Fixed on: 2014-06-03 [futex-patch]
Fix released on: Unknown
Affected versions: 4.4 and earlier [threatpost-towelroot][archived] regex: ([1-3].[0-9].[0-9])|(4.[0-3].[0-9])|(4.4.[0-4])
Affected devices:
Affected manufacturers: all [threatpost-towelroot][archived]
Fixed versions:
Submission:

CVE-2014-9914

(json)

CVE numbers: CVE-2014-9914 [Bulletin-CVE-2014-9914]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel networking subsystem
Details: Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect expectations about locking during multithreaded access to internal data structures for IPv4 UDP sockets. [NIST-CVE-2014-9914]
Discovered by: on: Unknown
Reported on: 2017-02-01 [Bulletin-CVE-2014-9914]
Fixed on: 2014-06-10 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2014-9914]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

ObjectInputStream deserializable

(json)

CVE numbers: CVE-2014-7911 [fulldisclosure-ois]
Coordinated disclosure?: true
Categories: system
Details: In Android <5.0, java.io.ObjectInputStream did not check whether the Object that is being deserialized is actually serializable. That issue was fixed in Android 5.0. This means that when ObjectInputStream is used on untrusted inputs, an attacker can cause an instance of any class with a non-private parameterless constructor to be created. All fields of that instance can be set to arbitrary values. The malicious object will then typically either be ignored or cast to a type to which it doesn't fit, implying that no methods will be called on it and no data from it will be used. However, when it is collected by the GC, the GC will call the object's finalize method. [fulldisclosure-ois] luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization, which allows attackers to execute arbitrary code via a crafted finalize method for a serialized object in an ArrayMap Parcel within an intent sent to system_service, as demonstrated by the finalize method of android.os.BinderProxy, aka Bug 15874291. [CVE-2014-7911] A POC local root exploit is available [CVE-2014-7911_poc]
Discovered by: Jann Horn [fulldisclosure-ois] on: 2014-06-22 [fulldisclosure-ois]
Reported on: 2014-11-14 [fulldisclosure-ois]
Fixed on: 2014-06-25 [ois-fix]
Fix released on: 2014-11-03 [citation-needed]
Affected versions: 1.0-4.4.4 [CVE-2014-7911] regex: ([1-3].[0-9].[0-9])|(4.[0-3].[0-9])|(4.4.[0-4])
Affected devices: all [fulldisclosure-ois]
Affected manufacturers: all [fulldisclosure-ois]
Fixed versions: 5.0.0 [CVE-2014-7911]
Submission: by: Jann Horn, on: 2014-12-14; by: Laurent Simon, on: 2015-03-12

CVE-2015-6640

(json)

CVE numbers: CVE-2015-6640 [Bulletin-CVE-2015-6640]
Coordinated disclosure?: unknown
Categories: Elevation of Privilege Vulnerability in Kernel
Details: The prctl_set_vma_anon_name function in kernel/sys.c in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 does not ensure that only one vma is accessed in a certain update action, which allows attackers to gain privileges or cause a denial of service (vma list corruption) via a crafted application, aka internal bug 20017123. [NIST-CVE-2015-6640]
Discovered by: on: Unknown
Reported on: 2016-01-01 [Bulletin-CVE-2015-6640]
Fixed on: 2014-08-05 [ANDROID-20017123]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0, 5.1.1, 6.0 [Bulletin-CVE-2015-6640] regex: (4.4.4)|(5.0.[0-9])|(5.1.1)|(6.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6640]
Fixed versions: 4.4.4, 5.0, 5.1.1, 6.0 [Bulletin-CVE-2015-6640]
Submission: by: Daniel Carter, on: 2019-07-29

prctl_set_vma_anon_name

(json)

CVE numbers: CVE-2015-6640 [prctl-vma-bulletin]
Coordinated disclosure?: true
Categories: kernel
Details: An elevation of privilege vulnerability in the kernel could enable a local malicious application to execute arbitrary code in the kernel [prctl-vma-bulletin]
Discovered by: Edward Huang [android-paper] on: Unknown
Reported on: Unknown
Fixed on: 2014-08-05 [prctl-vma-commit]
Fix released on: 2014-08-12 [prctl-vma-commit]
Affected versions: 4.4.4 to 6.0 [prctl-vma-bulletin] regex: (4.[4-9].[4-9])|(5.[0-9].[0-9])|(6.0.[0-9])
Affected devices: all [citation-needed]
Affected manufacturers: all [citation-needed]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-09

CVE-2014-6060

(json)

CVE numbers: CVE-2014-6060 [Bulletin-CVE-2014-6060]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in DHCPCD
Details: The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows remote DHCP servers to cause a denial of service by resetting the DHO_OPTIONSOVERLOADED option in the (1) bootfile or (2) servername section, which triggers the option to be processed again. [NIST-CVE-2014-6060]
Discovered by: on: Unknown
Reported on: 2016-04-02 [Bulletin-CVE-2014-6060]
Fixed on: 2014-08-15 [ANDROID-16677003]
Fix released on: Unknown
Affected versions: 4.4.4 [Bulletin-CVE-2014-6060] regex: (4.4.4)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2014-6060]
Fixed versions: 4.4.4 [Bulletin-CVE-2014-6060]
Submission: by: Daniel Carter, on: 2019-07-29

Mediaserver code execution

(json)

CVE numbers: CVE-2014-7920 [mediaserver-blog][archived], CVE-2014-7921 [mediaserver-blog][archived]
Coordinated disclosure?: true
Categories: kernel, system
Details: Two vulnerabilities which allow arbitrary code execution in the mediaserver process [mediaserver-blog][archived]
Discovered by: Gal Beniamini (laginimaineb) [mediaserver-blog][archived] on: Unknown
Reported on: 2014-10-14 [mediaserver-blog][archived]
Fixed on: 2014-10-28 [mediaserver-commit]
Fix released on: 2014-12-04 [mediaserver-commit]
Affected versions: 2.2 to 5.0 [mediaserver-blog][archived] regex: (2.[2-9].[0-9])|([3-4].[0-9].[0-9])|(5.0.[0-9])
Affected devices: all [mediaserver-blog][archived]
Affected manufacturers: all [mediaserver-blog][archived]
Fixed versions: 5.1 [mediaserver-blog][archived]
Submission: by: Daniel Carter, on: 2019-07-09

dhcpd buffer overrun

(json)

CVE numbers: CVE-2014-7912 [dhcpd-fix], CVE-2014-7913 [dhcpd-fix]
Coordinated disclosure?: true
Categories: network
Details: The specific flaw exists within the parsing of the DHCP options in a DHCP ACK packet. The vulnerability is triggered when the LENGTH of an option, when added to the current read position, exceeds the actual length of the DHCP options buffer. An attacker can leverage this vulnerability to execute code on the device. [ZDI-15-093] This remote code execution vulnerability executes code as the dhcp user which limit's its severity [citation-needed]
Discovered by: Jüri Aedla [ZDI-15-093] on: 2014-11-13 [ZDI-15-093]
Reported on: 2015-03-12 [ZDI-15-093]
Fixed on: 2014-11-15 [dhcpd-fix]
Fix released on: Unknown
Affected versions: All versions below 5.1 [dhcpd-circl] regex: ([1-4].[0-9].[0-9])|(5.0.[0-9])
Affected devices: all [dhcpd-circl]
Affected manufacturers: all [dhcpd-circl]
Fixed versions: 5.1 [dhcpd-circl]
Submission: by: Laurent Simon, on: 2015-03-14; by: Daniel R. Thomas, on: 2015-03-24

CVE-2014-9322

(json)

CVE numbers: CVE-2014-9322 [Bulletin-CVE-2014-9322]
Coordinated disclosure?: unknown
Categories: Elevation of Privilege Vulnerability in Kernel
Details: arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space. [NIST-CVE-2014-9322]
Discovered by: on: Unknown
Reported on: 2016-04-02 [Bulletin-CVE-2014-9322]
Fixed on: 2014-12-04 [11]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1 [Bulletin-CVE-2014-9322] regex: (6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2014-9322]
Fixed versions: 6.0, 6.0.1 [Bulletin-CVE-2014-9322]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2014-9529

(json)

CVE numbers: CVE-2014-9529 [Bulletin-CVE-2014-9529]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel security subsystem
Details: Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key. [NIST-CVE-2014-9529]
Discovered by: on: Unknown
Reported on: 2016-09-01 [Bulletin-CVE-2014-9529]
Fixed on: 2014-12-29 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2014-9529]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

pipe inatomic

(json)

CVE numbers: CVE-2015-1805 [CVE-2015-1805]
Coordinated disclosure?: true
Categories: kernel
Details: The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an 'I/O vector array overrun.' [CVE-2015-1805] This is a known issue in the upstream Linux kernel that was fixed in April 2014 but wasn’t called out as a security fix and assigned CVE-2015-1805 until February 2, 2015. On February 19, 2016, C0RE Team notified Google that the issue could be exploited on Android and a patch was developed to be included in an upcoming regularly scheduled monthly update. On March 15, 2016 Google received a report from Zimperium that this vulnerability had been abused on a Nexus 5 device. Google has confirmed the existence of a publicly available rooting application that abuses this vulnerability on Nexus 5 and Nexus 6 to provide the device user with root privileges. [android-advisory-2016-03-18]
Discovered by: Red Hat [redhatbug-1202855] on: 2015-02-02 [android-advisory-2016-03-18], 2015-03-17 [redhatbug-1202855]
Reported on: 2015-06-06 [openwall-2015-06-06-2]
Fixed on: 2015-06-16 [pipe-inatomic-patch3.4]
Fix released on: Unknown
Affected versions: Kernel versions 3.4, 3.10 and 3.14 [android-advisory-2016-03-18] regex:
Affected devices: all [android-advisory-2016-03-18]
Affected manufacturers: all [citation-needed]
Fixed versions: Kernel versions from 3.18 and patched kernels [android-advisory-2016-03-18]
Submission: by: Daniel R. Thomas, on: 2016-03-21

CVE-2014-9028

(json)

CVE numbers: CVE-2014-9028 [Bulletin-CVE-2014-9028]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libFLAC
Details: Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. [NIST-CVE-2014-9028]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2014-9028]
Fixed on: 2015-02-27 [2]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2014-9028] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2014-9028]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-2686

(json)

CVE numbers: CVE-2015-2686 [Bulletin-CVE-2015-2686]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel networking component
Details: net/socket.c in the Linux kernel 3.19 before 3.19.3 does not validate certain range data for (1) sendto and (2) recvfrom system calls, which allows local users to gain privileges by leveraging a subsystem that uses the copy_from_iter function in the iov_iter interface, as demonstrated by the Bluetooth subsystem. [NIST-CVE-2015-2686]
Discovered by: on: Unknown
Reported on: 2016-08-01 [Bulletin-CVE-2015-2686]
Fixed on: 2015-03-20 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-2686]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3832

(json)

CVE numbers: CVE-2015-3832 [Bulletin-CVE-2015-3832]
Coordinated disclosure?: unknown
Categories: Buffer overflows in libstagefright MPEG4Extractor.cpp
Details: Multiple buffer overflows in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via invalid size values of NAL units in MP4 data, aka internal bug 19641538. [NIST-CVE-2015-3832]
Discovered by: on: Unknown
Reported on: 2015-08-01 [Bulletin-CVE-2015-3832]
Fixed on: 2015-04-01 [ANDROID-19641538]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3832] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3832]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-1538

(json)

CVE numbers: CVE-2015-1538 [Bulletin-CVE-2015-1538]
Coordinated disclosure?: unknown
Categories: Integer overflows during MP4 atom processing
Details: Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an unchecked multiplication, aka internal bug 20139950, a related issue to CVE-2015-4496. [NIST-CVE-2015-1538]
Discovered by: on: Unknown
Reported on: 2015-08-01 [Bulletin-CVE-2015-1538]
Fixed on: 2015-04-08 [ANDROID-20139950]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-1538] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-1538]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-1539

(json)

CVE numbers: CVE-2015-1539 [Bulletin-CVE-2015-1539]
Coordinated disclosure?: unknown
Categories: An integer underflow in ESDS processing
Details: Multiple integer underflows in the ESDS::parseESDescriptor function in ESDS.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via crafted ESDS atoms, aka internal bug 20139950, a related issue to CVE-2015-4493. [NIST-CVE-2015-1539]
Discovered by: on: Unknown
Reported on: 2015-08-01 [Bulletin-CVE-2015-1539]
Fixed on: 2015-04-08 [ANDROID-20139950]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-1539] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-1539]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

Stagefright

(json)

CVE numbers: CVE-2015-1538 [nakedsecurity-stagefright], CVE-2015-1539 [nakedsecurity-stagefright], CVE-2015-3824 [nakedsecurity-stagefright], CVE-2015-3826 [nakedsecurity-stagefright], CVE-2015-3827 [nakedsecurity-stagefright], CVE-2015-3828 [nakedsecurity-stagefright], CVE-2015-3829 [nakedsecurity-stagefright]
Coordinated disclosure?: true
Categories: system, network
Details: Drake said that the vulnerabilities can be exploited by sending a single multimedia text message to an unpatched Android smartphone. While the exploit is deadly, in some cases, where phones parse the attack code prior to the message being opened, the exploits are silent and the user would have little chance of defending their data. [techworm-stagefright] Stagefright is the media playback service for Android, introduced in Android 2.2 (Froyo). Stagefright in versions of Android prior to 5.1.1_r9 may contain multiple vulnerabilities, including several integer overflows, which may allow a remote attacker to execute code on the device. [cert-kb-stagefright]
Discovered by: Joshua J. Drake [zimperium-stagefright] on: 2015-04-09 [techworm-stagefright]
Reported on: 2015-07-21 [zimperium-stagefright]
Fixed on: 2015-04-08 [stagefright-fix-2]
Fix released on: 2015-08-03 [androidpolice-sprint-update]
Affected versions: 2.2-5.1.0 [cert-kb-stagefright] regex: ([1-4].[0-9].[0-9])|(5.0.[0-9])|(5.1.[0-1])
Affected devices: all [cert-kb-stagefright]
Affected manufacturers: all [cert-kb-stagefright]
Fixed versions: 5.1.1_r9 [cert-kb-stagefright]
Submission: by: Laurent Simon, on: 2015-07-27

CVE-2015-3877

(json)

CVE numbers: CVE-2015-3877 [Bulletin-CVE-2015-3877]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in Skia
Details: Skia, as used in Android before 5.1.1 LMY48T, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20723696. [NIST-CVE-2015-3877]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-3877]
Fixed on: 2015-04-16 [ANDROID-20723696]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3877] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3877]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3636

(json)

CVE numbers: CVE-2015-3636 [Bulletin-CVE-2015-3636]
Coordinated disclosure?: unknown
Categories: Elevation Privilege Vulnerability in Kernel
Details: The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect. [NIST-CVE-2015-3636]
Discovered by: on: Unknown
Reported on: 2015-09-01 [Bulletin-CVE-2015-3636]
Fixed on: 2015-05-02 [ANDROID-20770158]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3636] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3636]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3824

(json)

CVE numbers: CVE-2015-3824 [Bulletin-CVE-2015-3824]
Coordinated disclosure?: unknown
Categories: Integer overflow in libstagefright when parsing the MPEG4 tx3g atom
Details: The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly restrict size addition, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via a crafted MPEG-4 tx3g atom, aka internal bug 20923261. [NIST-CVE-2015-3824]
Discovered by: on: Unknown
Reported on: 2015-08-01 [Bulletin-CVE-2015-3824]
Fixed on: 2015-05-04 [ANDROID-20923261]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3824] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3824]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3827

(json)

CVE numbers: CVE-2015-3827 [Bulletin-CVE-2015-3827]
Coordinated disclosure?: unknown
Categories: Integer underflow in libstagefright when processing MPEG4 covr atoms
Details: The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not validate the relationship between chunk sizes and skip sizes, which allows remote attackers to execute arbitrary code or cause a denial of service (integer underflow and memory corruption) via crafted MPEG-4 covr atoms, aka internal bug 20923261. [NIST-CVE-2015-3827]
Discovered by: on: Unknown
Reported on: 2015-08-01 [Bulletin-CVE-2015-3827]
Fixed on: 2015-05-04 [ANDROID-20923261]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3827] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3827]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3828

(json)

CVE numbers: CVE-2015-3828 [Bulletin-CVE-2015-3828]
Coordinated disclosure?: unknown
Categories: Integer underflow in libstagefright if size is below 6 while processing 3GPP metadata
Details: The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote attackers to execute arbitrary code or cause a denial of service (integer underflow and memory corruption) via crafted 3GPP metadata, aka internal bug 20923261, a related issue to CVE-2015-3826. [NIST-CVE-2015-3828]
Discovered by: on: Unknown
Reported on: 2015-08-01 [Bulletin-CVE-2015-3828]
Fixed on: 2015-05-04 [ANDROID-20923261]
Fix released on: Unknown
Affected versions: 5.0 and above [Bulletin-CVE-2015-3828] regex: 5.[0-1].[0-9]
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3828]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3829

(json)

CVE numbers: CVE-2015-3829 [Bulletin-CVE-2015-3829]
Coordinated disclosure?: unknown
Categories: Integer overflow in libstagefright processing MPEG4 covr atoms when chunk_data_size is SIZE_MAX
Details: Off-by-one error in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via crafted MPEG-4 covr atoms with a size equal to SIZE_MAX, aka internal bug 20923261. [NIST-CVE-2015-3829]
Discovered by: on: Unknown
Reported on: 2015-08-01 [Bulletin-CVE-2015-3829]
Fixed on: 2015-05-04 [ANDROID-20923261]
Fix released on: Unknown
Affected versions: 5.0 and above [Bulletin-CVE-2015-3829] regex: 5.[0-1].[0-9]
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3829]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3867

(json)

CVE numbers: CVE-2015-3867 [Bulletin-CVE-2015-3867]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libstagefright
Details: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23213430. [NIST-CVE-2015-3867]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-3867]
Fixed on: 2015-05-08 [ANDROID-23213430]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3867] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3867]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-5706

(json)

CVE numbers: CVE-2015-5706 [Bulletin-CVE-2015-5706]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel file system
Details: Use-after-free vulnerability in the path_openat function in fs/namei.c in the Linux kernel 3.x and 4.x before 4.0.4 allows local users to cause a denial of service or possibly have unspecified other impact via O_TMPFILE filesystem operations that leverage a duplicate cleanup operation. [NIST-CVE-2015-5706]
Discovered by: on: Unknown
Reported on: 2017-01-01 [Bulletin-CVE-2015-5706]
Fixed on: 2015-05-08 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-5706]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2015-3836

(json)

CVE numbers: CVE-2015-3836 [Bulletin-CVE-2015-3836]
Coordinated disclosure?: unknown
Categories: Buffer overflow in Sonivox Parse_wave
Details: The Parse_wave function in arm-wt-22k/lib_src/eas_mdls.c in the Sonivox DLS-to-EAS converter in Android before 5.1.1 LMY48I does not reject a negative value for a certain size field, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted XMF data, aka internal bug 21132860. [NIST-CVE-2015-3836]
Discovered by: on: Unknown
Reported on: 2015-08-01 [Bulletin-CVE-2015-3836]
Fixed on: 2015-05-14 [ANDROID-21132860]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3836] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3836]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

One class to rule them all

(json)

CVE numbers: CVE-2015-3837 [CVE-2015-3837], CVE-2015-3825 [woot15-paper-peles], ANDROID-21437603 [woot15-paper-peles], ANDROID-21583849 [woot15-paper-peles]
Coordinated disclosure?: true
Categories: system
Details: This vulnerability allows for arbitrary code execution in the context of many apps and services and results in elevation of privileges. There is a Proof-of-Concept exploit against the Google Nexus 5 device, that achieves code execution inside the highly privileged system_server process, and then either replaces an existing arbitrary application on the device with our own malware app or changes the device’s SELinux policy. For some other devices, it is also possible to gain kernel code execution by loading an arbitrary kernel modules. This vulnerability was responsibly disclosed to the Android Security Team which tagged it as CVE-2015-3825 internally as ANDROID-21437603/ANDROID-21583849 and patched Android 4.4 / 5.x / M and Google Play Services. [woot15-paper-peles] CVE-2015-3825 is the wrong CVE number (duplicate), CVE-2015-3837 should be used instead [CVE-2015-3825] The OpenSSLX509Certificate class in org/conscrypt/OpenSSLX509Certificate.java in Android before 5.1.1 LMY48I improperly includes certain context data during serialization and deserialization, which allows attackers to execute arbitrary code via an application that sends a crafted Intent, aka internal bug 21437603. [CVE-2015-3837]
Discovered by: Or Peles and Roee Hay {orpeles,roeeh}@il.ibm.com [woot15-paper-peles] on: 2015-05-22 [woot15-paper-peles]
Reported on: 2015-06-01 [NexusSecurityBulletinAugust2015][archived]
Fixed on: 2015-05-28 [OneClassPatch]
Fix released on: 2015-08-05 [droid-life-5-1-1-lmy48i][archived]
Affected versions: 4.3-5.1, M (Preview 1) [woot15-paper-peles] regex: (4.[0-3].[0-9])|(4.4.[0-4])|(5.0.[0-9])|(5.1.[0-1])
Affected devices: all [citation-needed]
Affected manufacturers: all [citation-needed]
Fixed versions: 4.4, 5.x, M [woot15-paper-peles]
Submission: by: Laurent Simon, on: 2015-08-10; by: Roee Hay, on: 2015-10-14

CVE-2015-6601

(json)

CVE numbers: CVE-2015-6601 [Bulletin-CVE-2015-6601]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libstagefright
Details: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22935234. [NIST-CVE-2015-6601]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-6601]
Fixed on: 2015-06-04 [ANDROID-22935234]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-6601] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6601]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3870

(json)

CVE numbers: CVE-2015-3870 [Bulletin-CVE-2015-3870]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libstagefright
Details: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22771132. [NIST-CVE-2015-3870]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-3870]
Fixed on: 2015-06-25 [ANDROID-22771132]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3870] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3870]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3288

(json)

CVE numbers: CVE-2015-3288 [Bulletin-CVE-2015-3288]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel memory subsystem
Details: mm/memory.c in the Linux kernel before 4.1.4 mishandles anonymous pages, which allows local users to gain privileges or cause a denial of service (page tainting) via a crafted application that triggers writing to page zero. [NIST-CVE-2015-3288]
Discovered by: on: Unknown
Reported on: 2017-01-01 [Bulletin-CVE-2015-3288]
Fixed on: 2015-07-06 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3288]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2015-3823

(json)

CVE numbers: CVE-2015-3823 [Bulletin-CVE-2015-3823]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libstagefright
Details: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 21335999. [NIST-CVE-2015-3823]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-3823]
Fixed on: 2015-07-16 [ANDROID-21335999]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3823] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3823]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3871

(json)

CVE numbers: CVE-2015-3871 [Bulletin-CVE-2015-3871]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libstagefright
Details: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23031033. [NIST-CVE-2015-3871]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-3871]
Fixed on: 2015-08-03 [ANDROID-23031033]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3871] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3871]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6600

(json)

CVE numbers: CVE-2015-6600 [Bulletin-CVE-2015-6600]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libstagefright
Details: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22882938. [NIST-CVE-2015-6600]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-6600]
Fixed on: 2015-08-04 [ANDROID-22882938]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-6600] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6600]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3869

(json)

CVE numbers: CVE-2015-3869 [Bulletin-CVE-2015-3869]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libstagefright
Details: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23036083. [NIST-CVE-2015-3869]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-3869]
Fixed on: 2015-08-06 [ANDROID-23036083]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3869] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3869]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6617

(json)

CVE numbers: CVE-2015-6617 [Bulletin-CVE-2015-6617]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in Skia
Details: Skia, as used in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23648740. [NIST-CVE-2015-6617]
Discovered by: on: Unknown
Reported on: 2015-12-01 [Bulletin-CVE-2015-6617]
Fixed on: 2015-08-06 [ANDROID-23648740]
Fix released on: Unknown
Affected versions: 6.0 and below [Bulletin-CVE-2015-6617] regex: ([1-5].[0-9].[0-9])|(6.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6617]
Fixed versions: 6.0 and below [Bulletin-CVE-2015-6617]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3864

(json)

CVE numbers: CVE-2015-3864 [Bulletin-CVE-2015-3864]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in Mediaserver
Details: Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted MPEG-4 data, aka internal bug 23034759. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3824. [NIST-CVE-2015-3864]
Discovered by: on: Unknown
Reported on: 2015-09-01 [Bulletin-CVE-2015-3864]
Fixed on: 2015-08-07 [ANDROID-23034759]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3864] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3864]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6604

(json)

CVE numbers: CVE-2015-6604 [Bulletin-CVE-2015-6604]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libstagefright
Details: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23129786. [NIST-CVE-2015-6604]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-6604]
Fixed on: 2015-08-12 [ANDROID-23129786]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-6604] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6604]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6603

(json)

CVE numbers: CVE-2015-6603 [Bulletin-CVE-2015-6603]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libstagefright
Details: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23227354. [NIST-CVE-2015-6603]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-6603]
Fixed on: 2015-08-14 [ANDROID-23227354]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-6603] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6603]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3876

(json)

CVE numbers: CVE-2015-3876 [Bulletin-CVE-2015-3876]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libstagefright
Details: libstagefright in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file. [NIST-CVE-2015-3876]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-3876]
Fixed on: 2015-08-15 [ANDROID-23285192]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3876] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3876]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

Stagefright2

(json)

CVE numbers: CVE-2015-6602 [zimperium-stagefright2], CVE-2015-3876 [android-security-october][archived]
Coordinated disclosure?: true
Categories: system, network
Details: Meet Stagefright 2.0, a set of two vulnerabilities that manifest when processing specially crafted MP3 audio or MP4 video files. The first vulnerability (in libutils) impacts almost every Android device since version 1.0 released in 2008. We found methods to trigger that vulnerability in devices running version 5.0 and up using the second vulnerability (in libstagefright). Google assigned CVE-2015-6602 to vulnerability in libutils. [zimperium-stagefright2]
Discovered by: Joshua J. Drake [zimperium-stagefright2] on: 2015-08-15 [zimperium-stagefright2]
Reported on: 2015-10-01 [zimperium-stagefright2]
Fixed on: Unknown
Fix released on: 2015-10-05 [register-stagefright2]
Affected versions: 5.1 and below [android-security-october][archived] regex: ([1-4].[0-9].[0-9])|(5.0.[0-9])|(5.1.[0-1])
Affected devices: all [zimperium-stagefright2]
Affected manufacturers: all [zimperium-stagefright2]
Fixed versions: 5.1.1, LMY48T or later, LMY48W [android-security-october][archived]
Submission: by: Daniel R. Thomas, on: 2015-10-06; by: Laurent Simon, on: 2015-10-02; by: Alastair R. Beresford, on: 2015-10-01

CVE-2015-3868

(json)

CVE numbers: CVE-2015-3868 [Bulletin-CVE-2015-3868]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libstagefright
Details: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23270724. [NIST-CVE-2015-3868]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-3868]
Fixed on: 2015-08-18 [ANDROID-23270724]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3868] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3868]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3873

(json)

CVE numbers: CVE-2015-3873 [Bulletin-CVE-2015-3873]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libstagefright
Details: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23016072, 23248776, 23247055, 22845824, 22008959, 21814993, 21048776, 20718524, 20674674, 22388975, 20674086, 21443020, and 22077698, a different vulnerability than CVE-2015-7716. [NIST-CVE-2015-3873]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-3873]
Fixed on: 2015-08-18 [ANDROID-23247055]
Fix released on: Unknown
Affected versions: 5.1 and below, 5.0 and 5.1 [Bulletin-CVE-2015-3873] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3873]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3875

(json)

CVE numbers: CVE-2015-3875 [Bulletin-CVE-2015-3875]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libutils
Details: libutils in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22952485. [NIST-CVE-2015-3875]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-3875]
Fixed on: 2015-08-18 [ANDROID-22952485]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3875] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3875]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6598

(json)

CVE numbers: CVE-2015-6598 [Bulletin-CVE-2015-6598]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libstagefright
Details: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23306638. [NIST-CVE-2015-6598]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-6598]
Fixed on: 2015-08-18 [ANDROID-23306638]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-6598] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6598]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3872

(json)

CVE numbers: CVE-2015-3872 [Bulletin-CVE-2015-3872]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libstagefright
Details: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23346388. [NIST-CVE-2015-3872]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-3872]
Fixed on: 2015-08-19 [ANDROID-23346388]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3872] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3872]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6602

(json)

CVE numbers: CVE-2015-6602 [Bulletin-CVE-2015-6602]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libutils
Details: libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x. [NIST-CVE-2015-6602]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-6602]
Fixed on: 2015-08-20 [ANDROID-23290056]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-6602] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6602]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3874

(json)

CVE numbers: CVE-2015-3874 [Bulletin-CVE-2015-3874]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in Sonivox
Details: The Sonivox components in Android before 5.1.1 LMY48T allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23335715, 23307276, and 23286323. [NIST-CVE-2015-3874]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-3874]
Fixed on: 2015-08-21 [2]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3874] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3874]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6599

(json)

CVE numbers: CVE-2015-6599 [Bulletin-CVE-2015-6599]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libstagefright
Details: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23416608. [NIST-CVE-2015-6599]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-6599]
Fixed on: 2015-08-21 [ANDROID-23416608]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-6599] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6599]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6609

(json)

CVE numbers: CVE-2015-6609 [Bulletin-CVE-2015-6609]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in libutils
Details: libutils in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22953624. [NIST-CVE-2015-6609]
Discovered by: on: Unknown
Reported on: 2015-11-01 [Bulletin-CVE-2015-6609]
Fixed on: 2015-09-02 [ANDROID-22953624]
Fix released on: Unknown
Affected versions: 6.0 and below [Bulletin-CVE-2015-6609] regex: ([1-5].[0-9].[0-9])|(6.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6609]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6608

(json)

CVE numbers: CVE-2015-6608 [Bulletin-CVE-2015-6608]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in Mediaserver
Details: mediaserver in Android 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 19779574, 23680780, 23876444, and 23658148, a different vulnerability than CVE-2015-8072 and CVE-2015-8073. [NIST-CVE-2015-6608]
Discovered by: on: Unknown
Reported on: 2015-11-01 [Bulletin-CVE-2015-6608]
Fixed on: 2015-09-08 [ANDROID-23876444]
Fix released on: Unknown
Affected versions: 5.0, 5.1, 6.0, 4.4, 5.0, 5.1, 6.0, 4.4 and 5.1, 5.0, 5.1, 6.0 [Bulletin-CVE-2015-6608] regex: (5.0.[0-9])|(5.1.[0-9])|(6.0.[0-9])|(4.4.[0-9])|(5.0.[0-9])|(5.1.[0-9])|(6.0.[0-9])|(4.4.[0-9])|(5.1.[0-9])|(5.0.[0-9])|(5.1.[0-9])|(6.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6608]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

Metaphor

(json)

CVE numbers: CVE-2015-3864 [metaphor-avast]
Coordinated disclosure?: true
Categories: system
Details: A remote-access exploit that uses a vulnerability in libstagefright [metaphor-report][archived]
Discovered by: Hanan Be’er [metaphor-report][archived] on: Unknown
Reported on: Unknown
Fixed on: Unknown
Fix released on: 2015-09-09 [metaphor-bulletin][archived]
Affected versions: 2.2 to 4.0 and 5.0 to 5.1 [metaphor-report][archived] regex: (2.[2-9].[0-9])|(3.[0-9].[0-9])|(4.0.[0-9])|(5.[0-1].[0-9])
Affected devices: all [citation-needed]
Affected manufacturers: all [citation-needed]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-09

CVE-2015-6619

(json)

CVE numbers: CVE-2015-6619 [Bulletin-CVE-2015-6619]
Coordinated disclosure?: unknown
Categories: Elevation of Privilege in Kernel
Details: The kernel in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, aka internal bug 23520714. [NIST-CVE-2015-6619]
Discovered by: on: Unknown
Reported on: 2015-12-01 [Bulletin-CVE-2015-6619]
Fixed on: 2015-09-22 [ANDROID-23520714]
Fix released on: Unknown
Affected versions: 6.0 and below [Bulletin-CVE-2015-6619] regex: ([1-5].[0-9].[0-9])|(6.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6619]
Fixed versions: 6.0 and below [Bulletin-CVE-2015-6619]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6616

(json)

CVE numbers: CVE-2015-6616 [Bulletin-CVE-2015-6616]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in Mediaserver
Details: mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 24630158 and 23882800, a different vulnerability than CVE-2015-8505, CVE-2015-8506, and CVE-2015-8507. [NIST-CVE-2015-6616]
Discovered by: on: Unknown
Reported on: 2015-12-01 [Bulletin-CVE-2015-6616]
Fixed on: 2015-10-05 [ANDROID-24630158]
Fix released on: Unknown
Affected versions: 6.0 and below, 5.1 and below, 6.0 and below, 6.0 [Bulletin-CVE-2015-6616] regex: ([1-5].[0-9].[0-9])|(6.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6616]
Fixed versions: 6.0 and below, 5.1 and below, 6.0 and below, 6.0 [Bulletin-CVE-2015-6616]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6634

(json)

CVE numbers: CVE-2015-6634 [Bulletin-CVE-2015-6634]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in Display Driver
Details: The display drivers in Android before 5.1.1 LMY48Z allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24163261. [NIST-CVE-2015-6634]
Discovered by: on: Unknown
Reported on: 2015-12-01 [Bulletin-CVE-2015-6634]
Fixed on: 2015-10-16 [ANDROID-24163261]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-6634] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6634]
Fixed versions: 5.1 and below [Bulletin-CVE-2015-6634]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-8961

(json)

CVE numbers: CVE-2015-8961 [Bulletin-CVE-2015-8961]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel file system
Details: The __ext4_journal_stop function in fs/ext4/ext4_jbd2.c in the Linux kernel before 4.3.3 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging improper access to a certain error field. [NIST-CVE-2015-8961]
Discovered by: on: Unknown
Reported on: 2016-11-01 [Bulletin-CVE-2015-8961]
Fixed on: 2015-10-17 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-8961]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0804

(json)

CVE numbers: CVE-2016-0804 [Bulletin-CVE-2016-0804]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in Mediaserver
Details: The NuPlayer::GenericSource::notifyPreparedAndCleanup function in media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 improperly manages mDrmManagerClient objects, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25070434. [NIST-CVE-2016-0804]
Discovered by: on: Unknown
Reported on: 2016-02-01 [Bulletin-CVE-2016-0804]
Fixed on: 2015-10-19 [ANDROID-25070434]
Fix released on: Unknown
Affected versions: 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0804] regex: (5.0.[0-9])|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-0804]
Fixed versions: 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0804]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0807

(json)

CVE numbers: CVE-2016-0807 [Bulletin-CVE-2016-0807]
Coordinated disclosure?: unknown
Categories: Elevation of Privilege Vulnerability in the Debuggerd
Details: The get_build_id function in elf_utils.cpp in Debuggerd in Android 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application that mishandles a Desc Size element in an ELF Note, aka internal bug 25187394. [NIST-CVE-2016-0807]
Discovered by: on: Unknown
Reported on: 2016-02-01 [Bulletin-CVE-2016-0807]
Fixed on: 2015-10-22 [ANDROID-25187394]
Fix released on: Unknown
Affected versions: 6.0 and 6.0.1 [Bulletin-CVE-2016-0807] regex: (6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-0807]
Fixed versions: 6.0 and 6.0.1 [Bulletin-CVE-2016-0807]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6636

(json)

CVE numbers: CVE-2015-6636 [Bulletin-CVE-2015-6636]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in Mediaserver
Details: mediaserver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 25070493 and 24686670. [NIST-CVE-2015-6636]
Discovered by: on: Unknown
Reported on: 2016-01-01 [Bulletin-CVE-2015-6636]
Fixed on: 2015-10-27 [ANDROID-25070493]
Fix released on: Unknown
Affected versions: 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2015-6636] regex: (5.0.[0-9])|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6636]
Fixed versions: 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2015-6636]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-8962

(json)

CVE numbers: CVE-2015-8962 [Bulletin-CVE-2015-8962]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel SCSI driver
Details: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call. [NIST-CVE-2015-8962]
Discovered by: on: Unknown
Reported on: 2016-11-01 [Bulletin-CVE-2015-8962]
Fixed on: 2015-10-30 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-8962]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2013-7446

(json)

CVE numbers: CVE-2013-7446 [Bulletin-CVE-2013-7446]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel networking subsystem
Details: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls. [NIST-CVE-2013-7446]
Discovered by: on: Unknown
Reported on: 2016-09-01 [Bulletin-CVE-2013-7446]
Fixed on: 2015-11-20 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2013-7446]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0803

(json)

CVE numbers: CVE-2016-0803 [Bulletin-CVE-2016-0803]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in Mediaserver
Details: libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a large memory allocation in the (1) SoftMPEG4Encoder or (2) SoftVPXEncoder component, aka internal bug 25812794. [NIST-CVE-2016-0803]
Discovered by: on: Unknown
Reported on: 2016-02-01 [Bulletin-CVE-2016-0803]
Fixed on: 2015-11-20 [ANDROID-25812794]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0803] regex: (4.4.4)|(5.0.[0-9])|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-0803]
Fixed versions: 4.4.4, 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0803]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0836

(json)

CVE numbers: CVE-2016-0836 [Bulletin-CVE-2016-0836]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in Mediaserver
Details: Stack-based buffer overflow in decoder/impeg2d_vld.c in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25812590. [NIST-CVE-2016-0836]
Discovered by: on: Unknown
Reported on: 2016-04-02 [Bulletin-CVE-2016-0836]
Fixed on: 2015-11-24 [ANDROID-25812590]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1 [Bulletin-CVE-2016-0836] regex: (6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-0836]
Fixed versions: 6.0, 6.0.1 [Bulletin-CVE-2016-0836]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-3841

(json)

CVE numbers: CVE-2016-3841 [Bulletin-CVE-2016-3841]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel networking component
Details: The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. [NIST-CVE-2016-3841]
Discovered by: on: Unknown
Reported on: 2016-08-01 [Bulletin-CVE-2016-3841]
Fixed on: 2015-11-29 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-3841]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6633

(json)

CVE numbers: CVE-2015-6633 [Bulletin-CVE-2015-6633]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in Display Driver
Details: The display drivers in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23987307. [NIST-CVE-2015-6633]
Discovered by: on: Unknown
Reported on: 2015-12-01 [Bulletin-CVE-2015-6633]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: 6.0 and below [Bulletin-CVE-2015-6633] regex: ([1-5].[0-9].[0-9])|(6.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6633]
Fixed versions: 6.0 and below [Bulletin-CVE-2015-6633]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0839

(json)

CVE numbers: CVE-2016-0839 [Bulletin-CVE-2016-0839]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in Mediaserver
Details: post_proc/volume_listener.c in mediaserver in Android 6.x before 2016-04-01 mishandles deleted effect context, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25753245. [NIST-CVE-2016-0839]
Discovered by: on: Unknown
Reported on: 2016-04-02 [Bulletin-CVE-2016-0839]
Fixed on: 2015-12-03 [ANDROID-25753245]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1 [Bulletin-CVE-2016-0839] regex: (6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-0839]
Fixed versions: 6.0, 6.0.1 [Bulletin-CVE-2016-0839]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0842

(json)

CVE numbers: CVE-2016-0842 [Bulletin-CVE-2016-0842]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in libstagefright
Details: The H.264 decoder in libstagefright in Android 6.x before 2016-04-01 mishandles Memory Management Control Operation (MMCO) data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25818142. [NIST-CVE-2016-0842]
Discovered by: on: Unknown
Reported on: 2016-04-02 [Bulletin-CVE-2016-0842]
Fixed on: 2015-12-04 [ANDROID-25818142]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1 [Bulletin-CVE-2016-0842] regex: (6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-0842]
Fixed versions: 6.0, 6.0.1 [Bulletin-CVE-2016-0842]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2017-0470

(json)

CVE numbers: CVE-2017-0470 [Bulletin-CVE-2017-0470]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33818500. [NIST-CVE-2017-0470]
Discovered by: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro [Discovery-CVE-2017-0470] on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2017-0470]
Fixed on: 2015-12-18 [A-33818500]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0470] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0470]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0470]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-0818

(json)

CVE numbers: CVE-2016-0818 [Bulletin-CVE-2016-0818]
Coordinated disclosure?: unknown
Categories: Elevation of Privilege in Conscrypt
Details: The caching functionality in the TrustManagerImpl class in TrustManagerImpl.java in Conscrypt in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 mishandles the distinction between an intermediate CA and a trusted root CA, which allows man-in-the-middle attackers to spoof servers by leveraging access to an intermediate CA to issue a certificate, aka internal bug 26232830. [NIST-CVE-2016-0818]
Discovered by: on: Unknown
Reported on: 2016-03-01 [Bulletin-CVE-2016-0818]
Fixed on: 2015-12-20 [[2]]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0818] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-0818]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0818]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-8966

(json)

CVE numbers: CVE-2015-8966 [Bulletin-CVE-2015-8966]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel
Details: arch/arm/kernel/sys_oabi-compat.c in the Linux kernel before 4.4 allows local users to gain privileges via a crafted (1) F_OFD_GETLK, (2) F_OFD_SETLK, or (3) F_OFD_SETLKW command in an fcntl64 system call. [NIST-CVE-2015-8966]
Discovered by: on: Unknown
Reported on: 2016-12-01 [Bulletin-CVE-2015-8966]
Fixed on: 2015-12-28 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-8966]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-10229

(json)

CVE numbers: CVE-2016-10229 [Bulletin-CVE-2016-10229]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in kernel networking subsystem
Details: udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag. [NIST-CVE-2016-10229]
Discovered by: on: Unknown
Reported on: 2017-04-01 [Bulletin-CVE-2016-10229]
Fixed on: 2015-12-30 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-10229]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-0835

(json)

CVE numbers: CVE-2016-0835 [Bulletin-CVE-2016-0835]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in Mediaserver
Details: decoder/impeg2d_dec_hdr.c in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a certain negative value, aka internal bug 26070014. [NIST-CVE-2016-0835]
Discovered by: on: Unknown
Reported on: 2016-04-02 [Bulletin-CVE-2016-0835]
Fixed on: 2015-12-31 [ANDROID-26070014]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1 [Bulletin-CVE-2016-0835] regex: (6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-0835]
Fixed versions: 6.0, 6.0.1 [Bulletin-CVE-2016-0835]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6637

(json)

CVE numbers: CVE-2015-6637 [Bulletin-CVE-2015-6637]
Coordinated disclosure?: unknown
Categories: Elevation of Privilege Vulnerability in misc-sd driver
Details: The MediaTek misc-sd driver in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 25307013. [NIST-CVE-2015-6637]
Discovered by: on: Unknown
Reported on: 2016-01-01 [Bulletin-CVE-2015-6637]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: 4.4.4, 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2015-6637] regex: (4.4.4)|(5.0.[0-9])|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6637]
Fixed versions: 4.4.4, 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2015-6637]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6638

(json)

CVE numbers: CVE-2015-6638 [Bulletin-CVE-2015-6638]
Coordinated disclosure?: unknown
Categories: Elevation of Privilege Vulnerability in the Imagination Technologies driver
Details: The Imagination Technologies driver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 24673908. [NIST-CVE-2015-6638]
Discovered by: on: Unknown
Reported on: 2016-01-01 [Bulletin-CVE-2015-6638]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2015-6638] regex: (5.0.[0-9])|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6638]
Fixed versions: 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2015-6638]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6639

(json)

CVE numbers: CVE-2015-6639 [Bulletin-CVE-2015-6639]
Coordinated disclosure?: unknown
Categories: Elevation of Privilege Vulnerabilities in Trustzone
Details: The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875. [NIST-CVE-2015-6639]
Discovered by: on: Unknown
Reported on: 2016-01-01 [Bulletin-CVE-2015-6639]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2015-6639] regex: (5.0.[0-9])|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6639]
Fixed versions: 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2015-6639]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6647

(json)

CVE numbers: CVE-2015-6647 [Bulletin-CVE-2015-6647]
Coordinated disclosure?: unknown
Categories: Elevation of Privilege Vulnerabilities in Trustzone
Details: The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24441554. [NIST-CVE-2015-6647]
Discovered by: on: Unknown
Reported on: 2016-01-01 [Bulletin-CVE-2015-6647]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2015-6647] regex: (5.0.[0-9])|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6647]
Fixed versions: 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2015-6647]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0816

(json)

CVE numbers: CVE-2016-0816 [Bulletin-CVE-2016-0816]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in Mediaserver
Details: mediaserver in Android 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to decoder/ih264d_parse_islice.c and decoder/ih264d_parse_pslice.c, aka internal bug 25928803. [NIST-CVE-2016-0816]
Discovered by: on: Unknown
Reported on: 2016-03-01 [Bulletin-CVE-2016-0816]
Fixed on: 2016-01-07 [ANDROID-25928803]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1 [Bulletin-CVE-2016-0816] regex: (6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-0816]
Fixed versions: 6.0, 6.0.1 [Bulletin-CVE-2016-0816]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-2464

(json)

CVE numbers: CVE-2016-2464 [Bulletin-CVE-2016-2464]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libwebm
Details: libvpx in libwebm in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted mkv file, aka internal bug 23167726. [NIST-CVE-2016-2464]
Discovered by: on: Unknown
Reported on: 2016-06-01 [Bulletin-CVE-2016-2464]
Fixed on: 2016-01-11 [2]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-2464] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-2464]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-2464]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0815

(json)

CVE numbers: CVE-2016-0815 [Bulletin-CVE-2016-0815]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in Mediaserver
Details: The MPEG4Source::fragmentedRead function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26365349. [NIST-CVE-2016-0815]
Discovered by: on: Unknown
Reported on: 2016-03-01 [Bulletin-CVE-2016-0815]
Fixed on: 2016-01-12 [ANDROID-26365349]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0815] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-0815]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0815]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0838

(json)

CVE numbers: CVE-2016-0838 [Bulletin-CVE-2016-0838]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in Mediaserver
Details: Sonivox in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a negative number of samples, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to arm-wt-22k/lib_src/eas_wtengine.c and arm-wt-22k/lib_src/eas_wtsynth.c, aka internal bug 26366256. [NIST-CVE-2016-0838]
Discovered by: on: Unknown
Reported on: 2016-04-02 [Bulletin-CVE-2016-0838]
Fixed on: 2016-01-12 [2]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0838] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-0838]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0838]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-1621

(json)

CVE numbers: CVE-2016-1621 [Bulletin-CVE-2016-1621]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libvpx
Details: libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.0 before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to libwebm/mkvparser.cpp and other files, aka internal bug 23452792. [NIST-CVE-2016-1621]
Discovered by: on: Unknown
Reported on: 2016-03-01 [Bulletin-CVE-2016-1621]
Fixed on: 2016-01-19 [[3]]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0 [Bulletin-CVE-2016-1621] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-1621]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0 [Bulletin-CVE-2016-1621]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-7913

(json)

CVE numbers: CVE-2016-7913 [Bulletin-CVE-2016-7913]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel media driver
Details: The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure. [NIST-CVE-2016-7913]
Discovered by: on: Unknown
Reported on: 2016-11-01 [Bulletin-CVE-2016-7913]
Fixed on: 2016-01-28 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-7913]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-1503

(json)

CVE numbers: CVE-2016-1503 [Bulletin-CVE-2016-1503]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in DHCPCD
Details: dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 and other products, mismanages option lengths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a malformed DHCP response, aka internal bug 26461634. [NIST-CVE-2016-1503]
Discovered by: on: Unknown
Reported on: 2016-04-02 [Bulletin-CVE-2016-1503]
Fixed on: 2016-02-11 [ANDROID-26461634]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-1503] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-1503]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-1503]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0840

(json)

CVE numbers: CVE-2016-0840 [Bulletin-CVE-2016-0840]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in Mediaserver
Details: Multiple stack-based buffer underflows in decoder/ih264d_parse_cavlc.c in mediaserver in Android 6.x before 2016-04-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26399350. [NIST-CVE-2016-0840]
Discovered by: on: Unknown
Reported on: 2016-04-02 [Bulletin-CVE-2016-0840]
Fixed on: 2016-02-17 [ANDROID-26399350]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1 [Bulletin-CVE-2016-0840] regex: (6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-0840]
Fixed versions: 6.0, 6.0.1 [Bulletin-CVE-2016-0840]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0841

(json)

CVE numbers: CVE-2016-0841 [Bulletin-CVE-2016-0841]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in Mediaserver
Details: media/libmedia/mediametadataretriever.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 mishandles cleared service binders, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26040840. [NIST-CVE-2016-0841]
Discovered by: on: Unknown
Reported on: 2016-04-02 [Bulletin-CVE-2016-0841]
Fixed on: 2016-02-18 [ANDROID-26040840]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0841] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-0841]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0841]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0758

(json)

CVE numbers: CVE-2016-0758 [Bulletin-CVE-2016-0758]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in kernel ASN.1 decoder
Details: Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data. [NIST-CVE-2016-0758]
Discovered by: on: Unknown
Reported on: 2016-10-01 [Bulletin-CVE-2016-0758]
Fixed on: 2016-02-23 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-0758]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0837

(json)

CVE numbers: CVE-2016-0837 [Bulletin-CVE-2016-0837]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in Mediaserver
Details: MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via a crafted media file, aka internal bug 27208621. [NIST-CVE-2016-0837]
Discovered by: on: Unknown
Reported on: 2016-04-02 [Bulletin-CVE-2016-0837]
Fixed on: 2016-02-23 [ANDROID-27208621]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0837] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-0837]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0837]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-9120

(json)

CVE numbers: CVE-2016-9120 [Bulletin-CVE-2016-9120]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel ION driver
Details: Race condition in the ion_ioctl function in drivers/staging/android/ion/ion.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) by calling ION_IOC_FREE on two CPUs at the same time. [NIST-CVE-2016-9120]
Discovered by: on: Unknown
Reported on: 2016-12-01 [Bulletin-CVE-2016-9120]
Fixed on: 2016-02-24 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-9120]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0728

(json)

CVE numbers: CVE-2016-0728 [Bulletin-CVE-2016-0728]
Coordinated disclosure?: unknown
Categories: Elevation of Privilege Vulnerability in Kernel Keyring Component
Details: The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands. [NIST-CVE-2016-0728]
Discovered by: on: Unknown
Reported on: 2016-03-01 [Bulletin-CVE-2016-0728]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0728] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-0728]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0728]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-3951

(json)

CVE numbers: CVE-2016-3951 [Bulletin-CVE-2016-3951]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel USB driver
Details: Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor. [NIST-CVE-2016-3951]
Discovered by: on: Unknown
Reported on: 2016-09-01 [Bulletin-CVE-2016-3951]
Fixed on: 2016-03-07 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-3951]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-2429

(json)

CVE numbers: CVE-2016-2429 [Bulletin-CVE-2016-2429]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in Mediaserver
Details: libFLAC/stream_decoder.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not prevent free operations on uninitialized memory, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted media file, aka internal bug 27211885. [NIST-CVE-2016-2429]
Discovered by: on: Unknown
Reported on: 2016-05-01 [Bulletin-CVE-2016-2429]
Fixed on: 2016-03-11 [27211885]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-2429] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-2429]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-2429]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-7117

(json)

CVE numbers: CVE-2016-7117 [Bulletin-CVE-2016-7117]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in kernel networking subsystem
Details: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing. [NIST-CVE-2016-7117]
Discovered by: on: Unknown
Reported on: 2016-10-01 [Bulletin-CVE-2016-7117]
Fixed on: 2016-03-14 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-7117]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-2428

(json)

CVE numbers: CVE-2016-2428 [Bulletin-CVE-2016-2428]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in Mediaserver
Details: libAACdec/src/aacdec_drc.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly limit the number of threads, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted media file, aka internal bug 26751339. [NIST-CVE-2016-2428]
Discovered by: on: Unknown
Reported on: 2016-05-01 [Bulletin-CVE-2016-2428]
Fixed on: 2016-03-21 [26751339]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-2428] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-2428]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-2428]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-3134

(json)

CVE numbers: CVE-2016-3134 [Bulletin-CVE-2016-3134]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel netfilter subsystem
Details: The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call. [NIST-CVE-2016-3134]
Discovered by: on: Unknown
Reported on: 2016-09-01 [Bulletin-CVE-2016-3134]
Fixed on: 2016-03-22 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-3134]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-2430

(json)

CVE numbers: CVE-2016-2430 [Bulletin-CVE-2016-2430]
Coordinated disclosure?: unknown
Categories: Elevation of Privilege Vulnerability in Debuggerd
Details: libbacktrace/Backtrace.cpp in debuggerd in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows attackers to gain privileges via an application containing a crafted symbol name, aka internal bug 27299236. [NIST-CVE-2016-2430]
Discovered by: on: Unknown
Reported on: 2016-05-01 [Bulletin-CVE-2016-2430]
Fixed on: 2016-03-23 [27299236]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-2430] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-2430]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-2430]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-2184

(json)

CVE numbers: CVE-2016-2184 [Bulletin-CVE-2016-2184]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel sound subsystem
Details: The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor. [NIST-CVE-2016-2184]
Discovered by: on: Unknown
Reported on: 2016-11-01 [Bulletin-CVE-2016-2184]
Fixed on: 2016-03-31 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-2184]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-1805

(json)

CVE numbers: CVE-2015-1805 [Bulletin-CVE-2015-1805]
Coordinated disclosure?: unknown
Categories: Elevation of Privilege Vulnerability in Kernel
Details: The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun." [NIST-CVE-2015-1805]
Discovered by: on: Unknown
Reported on: 2016-04-02 [Bulletin-CVE-2015-1805]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2015-1805] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-1805]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2015-1805]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0834

(json)

CVE numbers: CVE-2016-0834 [Bulletin-CVE-2016-0834]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in Media Codec
Details: An unspecified media codec in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26220548. [NIST-CVE-2016-0834]
Discovered by: on: Unknown
Reported on: 2016-04-02 [Bulletin-CVE-2016-0834]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: 6.0, 6.0.1 [Bulletin-CVE-2016-0834] regex: (6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-0834]
Fixed versions: 6.0, 6.0.1 [Bulletin-CVE-2016-0834]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-2463

(json)

CVE numbers: CVE-2016-2463 [Bulletin-CVE-2016-2463]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in Mediaserver
Details: Multiple integer overflows in the h264dec component in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a large memory allocation, aka internal bug 27855419. [NIST-CVE-2016-2463]
Discovered by: on: Unknown
Reported on: 2016-06-01 [Bulletin-CVE-2016-2463]
Fixed on: 2016-04-08 [27855419]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-2463] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-2463]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-2463]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-7912

(json)

CVE numbers: CVE-2016-7912 [Bulletin-CVE-2016-7912]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel USB driver
Details: Use-after-free vulnerability in the ffs_user_copy_worker function in drivers/usb/gadget/function/f_fs.c in the Linux kernel before 4.5.3 allows local users to gain privileges by accessing an I/O data structure after a certain callback call. [NIST-CVE-2016-7912]
Discovered by: on: Unknown
Reported on: 2016-11-01 [Bulletin-CVE-2016-7912]
Fixed on: 2016-04-14 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-7912]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-3742

(json)

CVE numbers: CVE-2016-3742 [Bulletin-CVE-2016-3742]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: decoder/ih264d_process_intra_mb.c in mediaserver in Android 6.x before 2016-07-01 mishandles intra mode, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28165659. [NIST-CVE-2016-3742]
Discovered by: on: Unknown
Reported on: 2016-07-01 [Bulletin-CVE-2016-3742]
Fixed on: 2016-04-20 [A-28165659]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1 [Bulletin-CVE-2016-3742] regex: (6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-3742]
Fixed versions: 6.0, 6.0.1 [Bulletin-CVE-2016-3742]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-3743

(json)

CVE numbers: CVE-2016-3743 [Bulletin-CVE-2016-3743]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-07-01 does not initialize certain data structures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 27907656. [NIST-CVE-2016-3743]
Discovered by: on: Unknown
Reported on: 2016-07-01 [Bulletin-CVE-2016-3743]
Fixed on: 2016-04-21 [A-27907656]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1 [Bulletin-CVE-2016-3743] regex: (6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-3743]
Fixed versions: 6.0, 6.0.1 [Bulletin-CVE-2016-3743]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-2505

(json)

CVE numbers: CVE-2016-2505 [Bulletin-CVE-2016-2505]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: mpeg2ts/ATSParser.cpp in libstagefright in mediaserver in Android 6.x before 2016-07-01 does not validate a certain section length, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28333006. [NIST-CVE-2016-2505]
Discovered by: on: Unknown
Reported on: 2016-07-01 [Bulletin-CVE-2016-2505]
Fixed on: 2016-04-28 [A-28333006]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1 [Bulletin-CVE-2016-2505] regex: (6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-2505]
Fixed versions: 6.0, 6.0.1 [Bulletin-CVE-2016-2505]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-2507

(json)

CVE numbers: CVE-2016-2507 [Bulletin-CVE-2016-2507]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: Integer overflow in codecs/on2/h264dec/source/h264bsd_storage.c in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28532266. [NIST-CVE-2016-2507]
Discovered by: on: Unknown
Reported on: 2016-07-01 [Bulletin-CVE-2016-2507]
Fixed on: 2016-05-11 [A-28532266]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-2507] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-2507]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-2507]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-3840

(json)

CVE numbers: CVE-2016-3840 [Bulletin-CVE-2016-3840]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Conscrypt
Details: Conscrypt in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-05 does not properly identify session reuse, which allows remote attackers to execute arbitrary code via unspecified vectors, aka internal bug 28751153. [NIST-CVE-2016-3840]
Discovered by: on: Unknown
Reported on: 2016-08-01 [Bulletin-CVE-2016-3840]
Fixed on: 2016-05-12 [A-28751153]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-3840] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-3840]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-3840]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-2506

(json)

CVE numbers: CVE-2016-2506 [Bulletin-CVE-2016-2506]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: DRMExtractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate a certain offset value, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28175045. [NIST-CVE-2016-2506]
Discovered by: on: Unknown
Reported on: 2016-07-01 [Bulletin-CVE-2016-2506]
Fixed on: 2016-05-13 [A-28175045]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-2506] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-2506]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-2506]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-9806

(json)

CVE numbers: CVE-2016-9806 [Bulletin-CVE-2016-9806]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel networking subsystem
Details: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated. [NIST-CVE-2016-9806]
Discovered by: on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2016-9806]
Fixed on: 2016-05-16 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-9806]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-3741

(json)

CVE numbers: CVE-2016-3741 [Bulletin-CVE-2016-3741]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: The H.264 decoder in mediaserver in Android 6.x before 2016-07-01 does not initialize certain slice data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28165661. [NIST-CVE-2016-3741]
Discovered by: on: Unknown
Reported on: 2016-07-01 [Bulletin-CVE-2016-3741]
Fixed on: 2016-05-24 [2]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1 [Bulletin-CVE-2016-3741] regex: (6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-3741]
Fixed versions: 6.0, 6.0.1 [Bulletin-CVE-2016-3741]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-4794

(json)

CVE numbers: CVE-2016-4794 [Bulletin-CVE-2016-4794]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel memory subsystem
Details: Use-after-free vulnerability in mm/percpu.c in the Linux kernel through 4.6 allows local users to cause a denial of service (BUG) or possibly have unspecified other impact via crafted use of the mmap and bpf system calls. [NIST-CVE-2016-4794]
Discovered by: on: Unknown
Reported on: 2016-12-01 [Bulletin-CVE-2016-4794]
Fixed on: 2016-05-25 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-4794]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-3820

(json)

CVE numbers: CVE-2016-3820 [Bulletin-CVE-2016-3820]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 mishandles slice numbers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28673410. [NIST-CVE-2016-3820]
Discovered by: on: Unknown
Reported on: 2016-08-01 [Bulletin-CVE-2016-3820]
Fixed on: 2016-06-01 [A-28673410]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1 [Bulletin-CVE-2016-3820] regex: (6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-3820]
Fixed versions: 6.0, 6.0.1 [Bulletin-CVE-2016-3820]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2017-0587

(json)

CVE numbers: CVE-2017-0587 [Bulletin-CVE-2017-0587]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: A remote code execution vulnerability in libmpeg2 in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35219737. [NIST-CVE-2017-0587]
Discovered by: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro [Discovery-CVE-2017-0587] on: Unknown
Reported on: 2017-05-01 [Bulletin-CVE-2017-0587]
Fixed on: 2016-06-01 [A-35219737]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0587] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0587]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0587]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-3819

(json)

CVE numbers: CVE-2016-3819 [Bulletin-CVE-2016-3819]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: Integer overflow in codecs/on2/h264dec/source/h264bsd_dpb.c in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28533562. [NIST-CVE-2016-3819]
Discovered by: on: Unknown
Reported on: 2016-08-01 [Bulletin-CVE-2016-3819]
Fixed on: 2016-06-07 [A-28533562]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-3819] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-3819]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-3819]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-3821

(json)

CVE numbers: CVE-2016-3821 [Bulletin-CVE-2016-3821]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: libmedia in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 has certain incorrect declarations, which allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference or memory corruption) via a crafted media file, aka internal bug 28166152. [NIST-CVE-2016-3821]
Discovered by: on: Unknown
Reported on: 2016-08-01 [Bulletin-CVE-2016-3821]
Fixed on: 2016-06-07 [A-28166152]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-3821] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-3821]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-3821]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-2508

(json)

CVE numbers: CVE-2016-2508 [Bulletin-CVE-2016-2508]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate certain track data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28799341. [NIST-CVE-2016-2508]
Discovered by: on: Unknown
Reported on: 2016-07-01 [Bulletin-CVE-2016-2508]
Fixed on: 2016-06-14 [2]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-2508] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-2508]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-2508]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-4470

(json)

CVE numbers: CVE-2016-4470 [Bulletin-CVE-2016-4470]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel security subsystem
Details: The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command. [NIST-CVE-2016-4470]
Discovered by: on: Unknown
Reported on: 2016-09-01 [Bulletin-CVE-2016-4470]
Fixed on: 2016-06-16 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-4470]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-5340

(json)

CVE numbers: CVE-2016-5340 [Bulletin-CVE-2016-5340]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel shared memory subsystem
Details: The is_ashmem_file function in drivers/staging/android/ashmem.c in a certain Qualcomm Innovation Center (QuIC) Android patch for the Linux kernel 3.x mishandles pointer validation within the KGSL Linux Graphics Module, which allows attackers to bypass intended access restrictions by using the /ashmem string as the dentry name. [NIST-CVE-2016-5340]
Discovered by: on: Unknown
Reported on: 2016-09-01 [Bulletin-CVE-2016-5340]
Fixed on: 2016-06-22 [QC-CR#1008948]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-5340]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-3861

(json)

CVE numbers: CVE-2016-3861 [Bulletin-CVE-2016-3861]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in LibUtils
Details: LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles conversions between Unicode character encodings with different encoding widths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted file, aka internal bug 29250543. [NIST-CVE-2016-3861]
Discovered by: on: Unknown
Reported on: 2016-09-01 [Bulletin-CVE-2016-3861]
Fixed on: 2016-06-28 [A-29250543]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0 [Bulletin-CVE-2016-3861] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-3861]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0 [Bulletin-CVE-2016-3861]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-8816

(json)

CVE numbers: CVE-2015-8816 [Bulletin-CVE-2015-8816]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in USB driver
Details: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device. [NIST-CVE-2015-8816]
Discovered by: on: Unknown
Reported on: 2016-07-01 [Bulletin-CVE-2015-8816]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-8816]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-3775

(json)

CVE numbers: CVE-2016-3775 [Bulletin-CVE-2016-3775]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel file system
Details: The kernel filesystem implementation in Android before 2016-07-05 on Nexus 5X, Nexus 6, Nexus 6P, Nexus Player, and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28588279. [NIST-CVE-2016-3775]
Discovered by: on: Unknown
Reported on: 2016-07-01 [Bulletin-CVE-2016-3775]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-3775]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-7911

(json)

CVE numbers: CVE-2016-7911 [Bulletin-CVE-2016-7911]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel file system
Details: Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call. [NIST-CVE-2016-7911]
Discovered by: on: Unknown
Reported on: 2016-11-01 [Bulletin-CVE-2016-7911]
Fixed on: 2016-07-01 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-7911]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-3862

(json)

CVE numbers: CVE-2016-3862 [Bulletin-CVE-2016-3862]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: media/ExifInterface.java in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 does not properly interact with the use of static variables in libjhead_jni, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 29270469. [NIST-CVE-2016-3862]
Discovered by: on: Unknown
Reported on: 2016-09-01 [Bulletin-CVE-2016-3862]
Fixed on: 2016-07-13 [A-29270469]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-3862] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-3862]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-3862]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-7910

(json)

CVE numbers: CVE-2016-7910 [Bulletin-CVE-2016-7910]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel file system
Details: Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed. [NIST-CVE-2016-7910]
Discovered by: on: Unknown
Reported on: 2016-11-01 [Bulletin-CVE-2016-7910]
Fixed on: 2016-07-29 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-7910]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-3857

(json)

CVE numbers: CVE-2016-3857 [Bulletin-CVE-2016-3857]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel
Details: The kernel in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 28522518. [NIST-CVE-2016-3857]
Discovered by: on: Unknown
Reported on: 2016-08-01 [Bulletin-CVE-2016-3857]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-3857]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-6828

(json)

CVE numbers: CVE-2016-6828 [Bulletin-CVE-2016-6828]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel networking subsystem
Details: The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option. [NIST-CVE-2016-6828]
Discovered by: on: Unknown
Reported on: 2016-11-01 [Bulletin-CVE-2016-6828]
Fixed on: 2016-08-17 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-6828]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-2182

(json)

CVE numbers: CVE-2016-2182 [Bulletin-CVE-2016-2182]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in OpenSSL & BoringSSL
Details: The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. [NIST-CVE-2016-2182]
Discovered by: on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2016-2182]
Fixed on: 2016-08-22 [A-32096880]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2016-2182] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-2182]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2016-2182]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-6699

(json)

CVE numbers: CVE-2016-6699 [Bulletin-CVE-2016-6699]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: A remote code execution vulnerability in libstagefright in Mediaserver in Android 7.0 before 2016-11-01 could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Android ID: A-31373622. [NIST-CVE-2016-6699]
Discovered by: on: Unknown
Reported on: 2016-11-01 [Bulletin-CVE-2016-6699]
Fixed on: 2016-09-13 [A-31373622]
Fix released on: Unknown
Affected versions: 7.0 [Bulletin-CVE-2016-6699] regex: (7.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-6699]
Fixed versions: 7.0 [Bulletin-CVE-2016-6699]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-5195

(json)

CVE numbers: CVE-2016-5195 [Bulletin-CVE-2016-5195]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel memory subsystem
Details: Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW." [NIST-CVE-2016-5195]
Discovered by: on: Unknown
Reported on: 2016-11-01 [Bulletin-CVE-2016-5195]
Fixed on: 2016-10-13 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-5195]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

dirtyc0w

(json)

CVE numbers: CVE-2016-5195 [dirtyc0w-redhat]
Coordinated disclosure?: false
Categories: kernel
Details: A race condition in the Linux kernel's handling of copy-on-write (COW) operations means that users can gain write access to otherwise read-only areas of memory and gain permissions [dirtyc0w-redhat]
Discovered by: Phil Oester [dirtyc0w-redhat] on: Unknown
Reported on: 2016-10-13 [dirtyc0w-bugzilla]
Fixed on: 2016-10-18 [dirtyc0w-github][archived]
Fix released on: 2016-11-06 [dirtyc0w-bulletin]
Affected versions: 1.0 to 7.0 [dirtyc0w-arstechnica][archived] regex: ([1-6].[0-9].[0-9])|(7.0.[0-9])
Affected devices: all [dirtyc0w-arstechnica][archived]
Affected manufacturers: all [dirtyc0w-arstechnica][archived]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-09

CVE-2017-0592

(json)

CVE numbers: CVE-2017-0592 [Bulletin-CVE-2017-0592]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: A remote code execution vulnerability in FLACExtractor.cpp in libstagefright in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34970788. [NIST-CVE-2017-0592]
Discovered by: on: Unknown
Reported on: 2017-05-01 [Bulletin-CVE-2017-0592]
Fixed on: 2016-10-24 [A-34970788]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0592] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0592]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0592]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-6700

(json)

CVE numbers: CVE-2016-6700 [Bulletin-CVE-2016-6700]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in libzipfile
Details: An elevation of privilege vulnerability in libzipfile in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30916186. [NIST-CVE-2016-6700]
Discovered by: on: Unknown
Reported on: 2016-11-01 [Bulletin-CVE-2016-6700]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1 [Bulletin-CVE-2016-6700] regex: (4.4.4)|(5.0.2)|(5.1.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-6700]
Fixed versions: 4.4.4, 5.0.2, 5.1.1 [Bulletin-CVE-2016-6700]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-6728

(json)

CVE numbers: CVE-2016-6728 [Bulletin-CVE-2016-6728]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel ION subsystem
Details: An elevation of privilege vulnerability in the kernel ION subsystem in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30400942. [NIST-CVE-2016-6728]
Discovered by: on: Unknown
Reported on: 2016-11-01 [Bulletin-CVE-2016-6728]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-6728]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-6737

(json)

CVE numbers: CVE-2016-6737 [Bulletin-CVE-2016-6737]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel ION subsystem
Details: An elevation of privilege vulnerability in the kernel ION subsystem in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30928456. [NIST-CVE-2016-6737]
Discovered by: on: Unknown
Reported on: 2016-11-01 [Bulletin-CVE-2016-6737]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-6737]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-10200

(json)

CVE numbers: CVE-2016-10200 [Bulletin-CVE-2016-10200]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel networking subsystem
Details: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c. [NIST-CVE-2016-10200]
Discovered by: on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2016-10200]
Fixed on: 2016-11-18 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-10200]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0406

(json)

CVE numbers: CVE-2017-0406 [Bulletin-CVE-2017-0406]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. This affects the libhevc library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32915871. [NIST-CVE-2017-0406]
Discovered by: Zhixin Li of NSFocus [Discovery-CVE-2017-0406] on: Unknown
Reported on: 2017-02-01 [Bulletin-CVE-2017-0406]
Fixed on: 2016-11-18 [2]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0406] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0406]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0406]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0407

(json)

CVE numbers: CVE-2017-0407 [Bulletin-CVE-2017-0407]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. This affects the libhevc library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32873375. [NIST-CVE-2017-0407]
Discovered by: Weichao Sun (@sunblate) of Alibaba Inc. [Discovery-CVE-2017-0407] on: Unknown
Reported on: 2017-02-01 [Bulletin-CVE-2017-0407]
Fixed on: 2016-11-25 [A-32873375]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0407] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0407]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0407]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0474

(json)

CVE numbers: CVE-2017-0474 [Bulletin-CVE-2017-0474]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-32589224. [NIST-CVE-2017-0474]
Discovered by: on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2017-0474]
Fixed on: 2016-11-29 [A-32589224]
Fix released on: Unknown
Affected versions: 7.0, 7.1.1 [Bulletin-CVE-2017-0474] regex: (7.0.[0-9])|(7.1.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0474]
Fixed versions: 7.0, 7.1.1 [Bulletin-CVE-2017-0474]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0405

(json)

CVE numbers: CVE-2017-0405 [Bulletin-CVE-2017-0405]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Surfaceflinger
Details: A remote code execution vulnerability in Surfaceflinger could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Surfaceflinger process. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-31960359. [NIST-CVE-2017-0405]
Discovered by: Scott Bauer (@ScottyBauer1) [Discovery-CVE-2017-0405] on: Unknown
Reported on: 2017-02-01 [Bulletin-CVE-2017-0405]
Fixed on: 2016-12-05 [A-31960359]
Fix released on: Unknown
Affected versions: 7.0, 7.1.1 [Bulletin-CVE-2017-0405] regex: (7.0.[0-9])|(7.1.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0405]
Fixed versions: 7.0, 7.1.1 [Bulletin-CVE-2017-0405]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-9794

(json)

CVE numbers: CVE-2016-9794 [Bulletin-CVE-2016-9794]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel sound subsystem
Details: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command. [NIST-CVE-2016-9794]
Discovered by: on: Unknown
Reported on: 2017-05-01 [Bulletin-CVE-2016-9794]
Fixed on: 2016-12-12 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-9794]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0543

(json)

CVE numbers: CVE-2017-0543 [Bulletin-CVE-2017-0543]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097866. [NIST-CVE-2017-0543]
Discovered by: on: Unknown
Reported on: 2017-04-01 [Bulletin-CVE-2017-0543]
Fixed on: 2016-12-15 [A-34097866]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0543] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0543]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0543]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0591

(json)

CVE numbers: CVE-2017-0591 [Bulletin-CVE-2017-0591]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34097672. [NIST-CVE-2017-0591]
Discovered by: on: Unknown
Reported on: 2017-05-01 [Bulletin-CVE-2017-0591]
Fixed on: 2016-12-15 [A-34097672]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0591] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0591]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0591]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0475

(json)

CVE numbers: CVE-2017-0475 [Bulletin-CVE-2017-0475]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in recovery verifier
Details: An elevation of privilege vulnerability in the recovery verifier could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31914369. [NIST-CVE-2017-0475]
Discovered by: Zinuo Han from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2017-0475] on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2017-0475]
Fixed on: 2016-12-16 [A-31914369]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0475] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0475]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0475]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0466

(json)

CVE numbers: CVE-2017-0466 [Bulletin-CVE-2017-0466]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33139050. [NIST-CVE-2017-0466]
Discovered by: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro [Discovery-CVE-2017-0466] on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2017-0466]
Fixed on: 2016-12-20 [A-33139050]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0466] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0466]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0466]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0467

(json)

CVE numbers: CVE-2017-0467 [Bulletin-CVE-2017-0467]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33250932. [NIST-CVE-2017-0467]
Discovered by: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro [Discovery-CVE-2017-0467] on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2017-0467]
Fixed on: 2016-12-20 [A-33250932]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0467] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0467]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0467]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0468

(json)

CVE numbers: CVE-2017-0468 [Bulletin-CVE-2017-0468]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33351708. [NIST-CVE-2017-0468]
Discovered by: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro [Discovery-CVE-2017-0468] on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2017-0468]
Fixed on: 2016-12-20 [A-33351708]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0468] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0468]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0468]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0542

(json)

CVE numbers: CVE-2017-0542 [Bulletin-CVE-2017-0542]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33934721. [NIST-CVE-2017-0542]
Discovered by: on: Unknown
Reported on: 2017-04-01 [Bulletin-CVE-2017-0542]
Fixed on: 2016-12-23 [A-33934721]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0542] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0542]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0542]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0469

(json)

CVE numbers: CVE-2017-0469 [Bulletin-CVE-2017-0469]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33450635. [NIST-CVE-2017-0469]
Discovered by: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro [Discovery-CVE-2017-0469] on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2017-0469]
Fixed on: 2016-12-27 [A-33450635]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0469] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0469]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0469]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0673

(json)

CVE numbers: CVE-2017-0673 [Bulletin-CVE-2017-0673]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-33974623. [NIST-CVE-2017-0673]
Discovered by: on: Unknown
Reported on: 2017-07-01 [Bulletin-CVE-2017-0673]
Fixed on: 2016-12-30 [A-33974623]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0673] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0673]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0673]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0538

(json)

CVE numbers: CVE-2017-0538 [Bulletin-CVE-2017-0538]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33641588. [NIST-CVE-2017-0538]
Discovered by: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro [Discovery-CVE-2017-0538] on: Unknown
Reported on: 2017-04-01 [Bulletin-CVE-2017-0538]
Fixed on: 2017-01-05 [A-33641588]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0538] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0538]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0538]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0471

(json)

CVE numbers: CVE-2017-0471 [Bulletin-CVE-2017-0471]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33816782. [NIST-CVE-2017-0471]
Discovered by: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro [Discovery-CVE-2017-0471] on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2017-0471]
Fixed on: 2017-01-13 [A-33816782]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0471] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0471]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0471]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0472

(json)

CVE numbers: CVE-2017-0472 [Bulletin-CVE-2017-0472]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33862021. [NIST-CVE-2017-0472]
Discovered by: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro [Discovery-CVE-2017-0472] on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2017-0472]
Fixed on: 2017-01-13 [A-33862021]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0472] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0472]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0472]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0539

(json)

CVE numbers: CVE-2017-0539 [Bulletin-CVE-2017-0539]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33864300. [NIST-CVE-2017-0539]
Discovered by: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro [Discovery-CVE-2017-0539] on: Unknown
Reported on: 2017-04-01 [Bulletin-CVE-2017-0539]
Fixed on: 2017-01-13 [A-33864300]
Fix released on: Unknown
Affected versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0539] regex: (5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0539]
Fixed versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0539]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0590

(json)

CVE numbers: CVE-2017-0590 [Bulletin-CVE-2017-0590]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35039946. [NIST-CVE-2017-0590]
Discovered by: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro [Discovery-CVE-2017-0590] on: Unknown
Reported on: 2017-05-01 [Bulletin-CVE-2017-0590]
Fixed on: 2017-01-13 [A-35039946]
Fix released on: Unknown
Affected versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0590] regex: (5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0590]
Fixed versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0590]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0473

(json)

CVE numbers: CVE-2017-0473 [Bulletin-CVE-2017-0473]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33982658. [NIST-CVE-2017-0473]
Discovered by: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro [Discovery-CVE-2017-0473] on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2017-0473]
Fixed on: 2017-01-16 [A-33982658]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0473] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0473]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0473]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0427

(json)

CVE numbers: CVE-2017-0427 [Bulletin-CVE-2017-0427]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel file system
Details: An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31495866. [NIST-CVE-2017-0427]
Discovered by: Qidan He (何淇丹) (@flanker_hqd) of KeenLab, Tencent (腾讯科恩实验室) [Discovery-CVE-2017-0427] on: Unknown
Reported on: 2017-02-01 [Bulletin-CVE-2017-0427]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0427]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0541

(json)

CVE numbers: CVE-2017-0541 [Bulletin-CVE-2017-0541]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: A remote code execution vulnerability in sonivox in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34031018. [NIST-CVE-2017-0541]
Discovered by: Jianjun Dai (@Jioun_dai) of Qihoo 360 Skyeye Labs [Discovery-CVE-2017-0541] on: Unknown
Reported on: 2017-04-01 [Bulletin-CVE-2017-0541]
Fixed on: 2017-02-07 [A-34031018]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0541] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0541]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0541]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0680

(json)

CVE numbers: CVE-2017-0680 [Bulletin-CVE-2017-0680]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37008096. [NIST-CVE-2017-0680]
Discovered by: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro [Discovery-CVE-2017-0680] on: Unknown
Reported on: 2017-07-01 [Bulletin-CVE-2017-0680]
Fixed on: 2017-02-10 [A-37008096]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0680] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0680]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0680]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0507

(json)

CVE numbers: CVE-2017-0507 [Bulletin-CVE-2017-0507]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel ION subsystem
Details: An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31992382. [NIST-CVE-2017-0507]
Discovered by: on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2017-0507]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0507]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0508

(json)

CVE numbers: CVE-2017-0508 [Bulletin-CVE-2017-0508]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel ION subsystem
Details: An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-33940449. [NIST-CVE-2017-0508]
Discovered by: on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2017-0508]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0508]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0510

(json)

CVE numbers: CVE-2017-0510 [Bulletin-CVE-2017-0510]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel FIQ debugger
Details: An elevation of privilege vulnerability in the kernel FIQ debugger could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32402555. [NIST-CVE-2017-0510]
Discovered by: Sagi Kedmi of IBM Security X-Force Research [Discovery-CVE-2017-0510] on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2017-0510]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0510]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0589

(json)

CVE numbers: CVE-2017-0589 [Bulletin-CVE-2017-0589]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34897036. [NIST-CVE-2017-0589]
Discovered by: Vasily Vasiliev [Discovery-CVE-2017-0589] on: Unknown
Reported on: 2017-05-01 [Bulletin-CVE-2017-0589]
Fixed on: 2017-03-06 [A-34897036]
Fix released on: Unknown
Affected versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0589] regex: (5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0589]
Fixed versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0589]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0588

(json)

CVE numbers: CVE-2017-0588 [Bulletin-CVE-2017-0588]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: A remote code execution vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34618607. [NIST-CVE-2017-0588]
Discovered by: Yong Wang (王勇) (@ThomasKing2014) of Alibaba Inc. [Discovery-CVE-2017-0588] on: Unknown
Reported on: 2017-05-01 [Bulletin-CVE-2017-0588]
Fixed on: 2017-03-10 [A-34618607]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0588] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0588]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0588]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0756

(json)

CVE numbers: CVE-2017-0756 [Bulletin-CVE-2017-0756]
Coordinated disclosure?: unknown
Categories: Media Framework
Details: A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34621073. [NIST-CVE-2017-0756]
Discovered by: on: Unknown
Reported on: 2017-09-01 [Bulletin-CVE-2017-0756]
Fixed on: 2017-03-10 [A-34621073]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0756] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0756]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0756]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2015-7555

(json)

CVE numbers: CVE-2015-7555 [Bulletin-CVE-2015-7555]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in GIFLIB
Details: Heap-based buffer overflow in giffix.c in giffix in giflib 5.1.1 allows attackers to cause a denial of service (program crash) via crafted image and logical screen width fields in a GIF file. [NIST-CVE-2015-7555]
Discovered by: on: Unknown
Reported on: 2017-05-01 [Bulletin-CVE-2015-7555]
Fixed on: 2017-03-13 [A-34697653]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2015-7555] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-7555]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2015-7555]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0677

(json)

CVE numbers: CVE-2017-0677 [Bulletin-CVE-2017-0677]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36035074. [NIST-CVE-2017-0677]
Discovered by: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro [Discovery-CVE-2017-0677] on: Unknown
Reported on: 2017-07-01 [Bulletin-CVE-2017-0677]
Fixed on: 2017-03-20 [A-36035074]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0677] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0677]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0677]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0637

(json)

CVE numbers: CVE-2017-0637 [Bulletin-CVE-2017-0637]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process.Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34064500. [NIST-CVE-2017-0637]
Discovered by: Vasily Vasiliev [Discovery-CVE-2017-0637] on: Unknown
Reported on: 2017-06-01 [Bulletin-CVE-2017-0637]
Fixed on: 2017-03-31 [A-34064500]
Fix released on: Unknown
Affected versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0637] regex: (5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0637]
Fixed versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0637]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0564

(json)

CVE numbers: CVE-2017-0564 [Bulletin-CVE-2017-0564]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel ION subsystem
Details: An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34276203. [NIST-CVE-2017-0564]
Discovered by: Yonggang Guo (@guoygang) of IceSword Lab, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2017-0564] on: Unknown
Reported on: 2017-04-01 [Bulletin-CVE-2017-0564]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0564]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-30

CVE-2017-0674

(json)

CVE numbers: CVE-2017-0674 [Bulletin-CVE-2017-0674]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34231163. [NIST-CVE-2017-0674]
Discovered by: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro [Discovery-CVE-2017-0674] on: Unknown
Reported on: 2017-07-01 [Bulletin-CVE-2017-0674]
Fixed on: 2017-04-05 [A-34231163]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0674] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0674]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0674]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0675

(json)

CVE numbers: CVE-2017-0675 [Bulletin-CVE-2017-0675]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34779227. [NIST-CVE-2017-0675]
Discovered by: Vasily Vasiliev [Discovery-CVE-2017-0675] on: Unknown
Reported on: 2017-07-01 [Bulletin-CVE-2017-0675]
Fixed on: 2017-04-05 [2]
Fix released on: Unknown
Affected versions: 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0675] regex: (6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0675]
Fixed versions: 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0675]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0676

(json)

CVE numbers: CVE-2017-0676 [Bulletin-CVE-2017-0676]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34896431. [NIST-CVE-2017-0676]
Discovered by: Vasily Vasiliev [Discovery-CVE-2017-0676] on: Unknown
Reported on: 2017-07-01 [Bulletin-CVE-2017-0676]
Fixed on: 2017-04-05 [A-34896431]
Fix released on: Unknown
Affected versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0676] regex: (5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0676]
Fixed versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0676]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-13160

(json)

CVE numbers: CVE-2017-13160 [Bulletin-CVE-2017-13160]
Coordinated disclosure?: unknown
Categories: System
Details: A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-37160362. [NIST-CVE-2017-13160]
Discovered by: Scott Bauer (@ScottyBauer1) [Discovery-CVE-2017-13160] on: Unknown
Reported on: 2017-12-01 [Bulletin-CVE-2017-13160]
Fixed on: 2017-04-06 [A-37160362]
Fix released on: 2017-12-05 [Bulletin-CVE-2017-13160]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-13160] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-13160]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-13160]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0759

(json)

CVE numbers: CVE-2017-0759 [Bulletin-CVE-2017-0759]
Coordinated disclosure?: unknown
Categories: Media Framework
Details: A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36715268. [NIST-CVE-2017-0759]
Discovered by: Weichao Sun (@sunblate) of Alibaba Inc. [Discovery-CVE-2017-0759] on: Unknown
Reported on: 2017-09-01 [Bulletin-CVE-2017-0759]
Fixed on: 2017-04-13 [A-36715268]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0759] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0759]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0759]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0719

(json)

CVE numbers: CVE-2017-0719 [Bulletin-CVE-2017-0719]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework (mpeg2 decoder). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37273673. [NIST-CVE-2017-0719]
Discovered by: Zinuo Han from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2017-0719] on: Unknown
Reported on: 2017-08-01 [Bulletin-CVE-2017-0719]
Fixed on: 2017-04-20 [A-37273673]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0719] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0719]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0719]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0721

(json)

CVE numbers: CVE-2017-0721 [Bulletin-CVE-2017-0721]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37561455. [NIST-CVE-2017-0721]
Discovered by: on: Unknown
Reported on: 2017-08-01 [Bulletin-CVE-2017-0721]
Fixed on: 2017-04-21 [A-37561455]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0721] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0721]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0721]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0723

(json)

CVE numbers: CVE-2017-0723 [Bulletin-CVE-2017-0723]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37968755. [NIST-CVE-2017-0723]
Discovered by: on: Unknown
Reported on: 2017-08-01 [Bulletin-CVE-2017-0723]
Fixed on: 2017-04-21 [A-37968755]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0723] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0723]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0723]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0540

(json)

CVE numbers: CVE-2017-0540 [Bulletin-CVE-2017-0540]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33966031. [NIST-CVE-2017-0540]
Discovered by: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro [Discovery-CVE-2017-0540] on: Unknown
Reported on: 2017-07-01 [Bulletin-CVE-2017-0540]
Fixed on: 2017-04-22 [A-33966031]
Fix released on: Unknown
Affected versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0540] regex: (5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0540]
Fixed versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0540]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-10277

(json)

CVE numbers: CVE-2016-10277 [Bulletin-CVE-2016-10277]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in Motorola bootloader
Details: An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33840490. [NIST-CVE-2016-10277]
Discovered by: Roee Hay (@roeehay) of Aleph Research, HCL Technologies [Discovery-CVE-2016-10277] on: Unknown
Reported on: 2017-05-01 [Bulletin-CVE-2016-10277]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-10277]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0811

(json)

CVE numbers: CVE-2017-0811 [Bulletin-CVE-2017-0811]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37930177. [NIST-CVE-2017-0811]
Discovered by: on: Unknown
Reported on: 2017-10-01 [Bulletin-CVE-2017-0811]
Fixed on: 2017-05-03 [A-37930177]
Fix released on: Unknown
Affected versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0811] regex: (5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0811]
Fixed versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0811]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0679

(json)

CVE numbers: CVE-2017-0679 [Bulletin-CVE-2017-0679]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36996978. [NIST-CVE-2017-0679]
Discovered by: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro [Discovery-CVE-2017-0679] on: Unknown
Reported on: 2017-07-01 [Bulletin-CVE-2017-0679]
Fixed on: 2017-05-08 [A-36996978]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0679] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0679]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0679]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0715

(json)

CVE numbers: CVE-2017-0715 [Bulletin-CVE-2017-0715]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36998372. [NIST-CVE-2017-0715]
Discovered by: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro [Discovery-CVE-2017-0715] on: Unknown
Reported on: 2017-08-01 [Bulletin-CVE-2017-0715]
Fixed on: 2017-05-08 [A-36998372]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0715] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0715]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0715]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-8890

(json)

CVE numbers: CVE-2017-8890 [Bulletin-CVE-2017-8890]
Coordinated disclosure?: unknown
Categories: Kernel components
Details: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. [NIST-CVE-2017-8890]
Discovered by: on: Unknown
Reported on: 2017-09-01 [Bulletin-CVE-2017-8890]
Fixed on: 2017-05-09 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-8890]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0681

(json)

CVE numbers: CVE-2017-0681 [Bulletin-CVE-2017-0681]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37208566. [NIST-CVE-2017-0681]
Discovered by: Xuxian Jiang of C0RE Team [Discovery-CVE-2017-0681] on: Unknown
Reported on: 2017-07-01 [Bulletin-CVE-2017-0681]
Fixed on: 2017-05-11 [A-37208566]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0681] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0681]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0681]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0716

(json)

CVE numbers: CVE-2017-0716 [Bulletin-CVE-2017-0716]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37203196. [NIST-CVE-2017-0716]
Discovered by: Vasily Vasiliev [Discovery-CVE-2017-0716] on: Unknown
Reported on: 2017-08-01 [Bulletin-CVE-2017-0716]
Fixed on: 2017-05-12 [A-37203196]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0716] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0716]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0716]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0678

(json)

CVE numbers: CVE-2017-0678 [Bulletin-CVE-2017-0678]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36576151. [NIST-CVE-2017-0678]
Discovered by: Zinuo Han from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2017-0678] on: Unknown
Reported on: 2017-07-01 [Bulletin-CVE-2017-0678]
Fixed on: 2017-05-15 [A-36576151]
Fix released on: Unknown
Affected versions: 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0678] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0678]
Fixed versions: 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0678]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0762

(json)

CVE numbers: CVE-2017-0762 [Bulletin-CVE-2017-0762]
Coordinated disclosure?: unknown
Categories: Media Framework
Details: A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62214264. [NIST-CVE-2017-0762]
Discovered by: on: Unknown
Reported on: 2017-09-01 [Bulletin-CVE-2017-0762]
Fixed on: 2017-05-17 [A-62214264]
Fix released on: Unknown
Affected versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0762] regex: (5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0762]
Fixed versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0762]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0745

(json)

CVE numbers: CVE-2017-0745 [Bulletin-CVE-2017-0745]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework (avc decoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37079296. [NIST-CVE-2017-0745]
Discovered by: Zinuo Han from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2017-0745] on: Unknown
Reported on: 2017-08-01 [Bulletin-CVE-2017-0745]
Fixed on: 2017-05-18 [A-37079296]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0745] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0745]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0745]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0714

(json)

CVE numbers: CVE-2017-0714 [Bulletin-CVE-2017-0714]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework (h263 decoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36492637. [NIST-CVE-2017-0714]
Discovered by: Zinuo Han from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2017-0714] on: Unknown
Reported on: 2017-08-01 [Bulletin-CVE-2017-0714]
Fixed on: 2017-05-19 [A-36492637]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0714] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0714]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0714]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0722

(json)

CVE numbers: CVE-2017-0722 [Bulletin-CVE-2017-0722]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework (h263 decoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37660827. [NIST-CVE-2017-0722]
Discovered by: Zinuo Han from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2017-0722] on: Unknown
Reported on: 2017-08-01 [Bulletin-CVE-2017-0722]
Fixed on: 2017-05-19 [A-37660827]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0722] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0722]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0722]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0720

(json)

CVE numbers: CVE-2017-0720 [Bulletin-CVE-2017-0720]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37430213. [NIST-CVE-2017-0720]
Discovered by: Zinuo Han from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2017-0720] on: Unknown
Reported on: 2017-08-01 [Bulletin-CVE-2017-0720]
Fixed on: 2017-05-23 [A-37430213]
Fix released on: Unknown
Affected versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0720] regex: (5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0720]
Fixed versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0720]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0718

(json)

CVE numbers: CVE-2017-0718 [Bulletin-CVE-2017-0718]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework (mpeg2 decoder). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37273547. [NIST-CVE-2017-0718]
Discovered by: Zinuo Han from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2017-0718] on: Unknown
Reported on: 2017-08-01 [Bulletin-CVE-2017-0718]
Fixed on: 2017-05-30 [A-37273547]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0718] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0718]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0718]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0760

(json)

CVE numbers: CVE-2017-0760 [Bulletin-CVE-2017-0760]
Coordinated disclosure?: unknown
Categories: Media Framework
Details: A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37237396. [NIST-CVE-2017-0760]
Discovered by: Zinuo Han from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2017-0760] on: Unknown
Reported on: 2017-09-01 [Bulletin-CVE-2017-0760]
Fixed on: 2017-05-30 [A-37237396]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0760] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0760]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0760]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0757

(json)

CVE numbers: CVE-2017-0757 [Bulletin-CVE-2017-0757]
Coordinated disclosure?: unknown
Categories: Media Framework
Details: A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36006815. [NIST-CVE-2017-0757]
Discovered by: Vasily Vasiliev [Discovery-CVE-2017-0757] on: Unknown
Reported on: 2017-09-01 [Bulletin-CVE-2017-0757]
Fixed on: 2017-06-01 [A-36006815]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0757] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0757]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0757]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0758

(json)

CVE numbers: CVE-2017-0758 [Bulletin-CVE-2017-0758]
Coordinated disclosure?: unknown
Categories: Media Framework
Details: A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36492741. [NIST-CVE-2017-0758]
Discovered by: Zhe Jin (金哲) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2017-0758] on: Unknown
Reported on: 2017-09-01 [Bulletin-CVE-2017-0758]
Fixed on: 2017-06-02 [A-36492741]
Fix released on: Unknown
Affected versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0758] regex: (5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0758]
Fixed versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0758]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0810

(json)

CVE numbers: CVE-2017-0810 [Bulletin-CVE-2017-0810]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38207066. [NIST-CVE-2017-0810]
Discovered by: on: Unknown
Reported on: 2017-10-01 [Bulletin-CVE-2017-0810]
Fixed on: 2017-06-09 [A-38207066]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0810] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0810]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0810]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0832

(json)

CVE numbers: CVE-2017-0832 [Bulletin-CVE-2017-0832]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62887820. [NIST-CVE-2017-0832]
Discovered by: on: Unknown
Reported on: 2017-11-01 [Bulletin-CVE-2017-0832]
Fixed on: 2017-06-09 [A-62887820]
Fix released on: 2017-11-06 [Bulletin-CVE-2017-0832]
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0832] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0832]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0832]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0835

(json)

CVE numbers: CVE-2017-0835 [Bulletin-CVE-2017-0835]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63316832. [NIST-CVE-2017-0835]
Discovered by: on: Unknown
Reported on: 2017-11-01 [Bulletin-CVE-2017-0835]
Fixed on: 2017-06-09 [A-63316832]
Fix released on: 2017-11-06 [Bulletin-CVE-2017-0835]
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0835] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0835]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0835]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0761

(json)

CVE numbers: CVE-2017-0761 [Bulletin-CVE-2017-0761]
Coordinated disclosure?: unknown
Categories: Media Framework
Details: A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38448381. [NIST-CVE-2017-0761]
Discovered by: Zinuo Han from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2017-0761] on: Unknown
Reported on: 2017-09-01 [Bulletin-CVE-2017-0761]
Fixed on: 2017-06-16 [A-38448381]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0761] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0761]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0761]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0763

(json)

CVE numbers: CVE-2017-0763 [Bulletin-CVE-2017-0763]
Coordinated disclosure?: unknown
Categories: Media Framework
Details: A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62534693. [NIST-CVE-2017-0763]
Discovered by: on: Unknown
Reported on: 2017-09-01 [Bulletin-CVE-2017-0763]
Fixed on: 2017-06-22 [A-62534693]
Fix released on: Unknown
Affected versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0763] regex: (5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0763]
Fixed versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0763]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0833

(json)

CVE numbers: CVE-2017-0833 [Bulletin-CVE-2017-0833]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62896384. [NIST-CVE-2017-0833]
Discovered by: on: Unknown
Reported on: 2017-11-01 [Bulletin-CVE-2017-0833]
Fixed on: 2017-06-22 [A-62896384]
Fix released on: 2017-11-06 [Bulletin-CVE-2017-0833]
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0833] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0833]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0833]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0809

(json)

CVE numbers: CVE-2017-0809 [Bulletin-CVE-2017-0809]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62673128. [NIST-CVE-2017-0809]
Discovered by: on: Unknown
Reported on: 2017-10-01 [Bulletin-CVE-2017-0809]
Fixed on: 2017-06-27 [A-62673128]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0809] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0809]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0809]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0834

(json)

CVE numbers: CVE-2017-0834 [Bulletin-CVE-2017-0834]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63125953. [NIST-CVE-2017-0834]
Discovered by: on: Unknown
Reported on: 2017-11-01 [Bulletin-CVE-2017-0834]
Fixed on: 2017-06-27 [A-63125953]
Fix released on: 2017-11-06 [Bulletin-CVE-2017-0834]
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0834] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0834]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0834]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-13230

(json)

CVE numbers: CVE-2017-13230 [Bulletin-CVE-2017-13230]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In hevc codec, there is an out-of-bounds write due to an incorrect bounds check with the i2_pic_width_in_luma_samples value. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65483665. [NIST-CVE-2017-13230]
Discovered by: Niky1235 (@jiych_guru) [Discovery-CVE-2017-13230] on: Unknown
Reported on: 2018-02-01 [Bulletin-CVE-2017-13230]
Fixed on: 2017-07-06 [A-65483665]
Fix released on: 2018-02-05 [Bulletin-CVE-2017-13230]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2017-13230] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-13230]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2017-13230]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-0765

(json)

CVE numbers: CVE-2017-0765 [Bulletin-CVE-2017-0765]
Coordinated disclosure?: unknown
Categories: Media Framework
Details: A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62872863. [NIST-CVE-2017-0765]
Discovered by: Xuxian Jiang of C0RE Team [Discovery-CVE-2017-0765] on: Unknown
Reported on: 2017-09-01 [Bulletin-CVE-2017-0765]
Fixed on: 2017-07-10 [A-62872863]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0765] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0765]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0765]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-13151

(json)

CVE numbers: CVE-2017-13151 [Bulletin-CVE-2017-13151]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63874456. [NIST-CVE-2017-13151]
Discovered by: on: Unknown
Reported on: 2017-12-01 [Bulletin-CVE-2017-13151]
Fixed on: 2017-07-12 [A-63874456]
Fix released on: 2017-12-05 [Bulletin-CVE-2017-13151]
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-13151] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-13151]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-13151]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0764

(json)

CVE numbers: CVE-2017-0764 [Bulletin-CVE-2017-0764]
Coordinated disclosure?: unknown
Categories: Media Framework
Details: A remote code execution vulnerability in the Android media framework (libvorbis). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62872015. [NIST-CVE-2017-0764]
Discovered by: Zinuo Han from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2017-0764] on: Unknown
Reported on: 2017-09-01 [Bulletin-CVE-2017-0764]
Fixed on: 2017-07-13 [A-62872015]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0764] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0764]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0764]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0781

(json)

CVE numbers: CVE-2017-0781 [Bulletin-CVE-2017-0781]
Coordinated disclosure?: unknown
Categories: System
Details: A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146105. [NIST-CVE-2017-0781]
Discovered by: Gregory Vishnepolsky of Armis, Inc. [Discovery-CVE-2017-0781] on: Unknown
Reported on: 2017-09-01 [Bulletin-CVE-2017-0781]
Fixed on: 2017-07-17 [2]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0781] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0781]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0781]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0782

(json)

CVE numbers: CVE-2017-0782 [Bulletin-CVE-2017-0782]
Coordinated disclosure?: unknown
Categories: System
Details: A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146237. [NIST-CVE-2017-0782]
Discovered by: Gregory Vishnepolsky of Armis, Inc. [Discovery-CVE-2017-0782] on: Unknown
Reported on: 2017-09-01 [Bulletin-CVE-2017-0782]
Fixed on: 2017-07-17 [3]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0782] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0782]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0782]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-13249

(json)

CVE numbers: CVE-2017-13249 [Bulletin-CVE-2017-13249]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In impeg2d_api_set_display_frame of impeg2d_api_main.c, there is an out of bound write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70399408. [NIST-CVE-2017-13249]
Discovered by: Vasily Vasiliev [Discovery-CVE-2017-13249] on: Unknown
Reported on: 2018-03-01 [Bulletin-CVE-2017-13249]
Fixed on: 2017-08-09 [A-70399408]
Fix released on: 2018-03-05 [Bulletin-CVE-2017-13249]
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13249] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-13249]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13249]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-0841

(json)

CVE numbers: CVE-2017-0841 [Bulletin-CVE-2017-0841]
Coordinated disclosure?: unknown
Categories: System
Details: A remote code execution vulnerability in the Android system (libutils). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37723026. [NIST-CVE-2017-0841]
Discovered by: Jose Martinez [Discovery-CVE-2017-0841] on: Unknown
Reported on: 2017-11-01 [Bulletin-CVE-2017-0841]
Fixed on: 2017-08-14 [A-37723026]
Fix released on: 2017-11-06 [Bulletin-CVE-2017-0841]
Affected versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0841] regex: (5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0841]
Fixed versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0841]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0878

(json)

CVE numbers: CVE-2017-0878 [Bulletin-CVE-2017-0878]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 8.0. Android ID A-65186291. [NIST-CVE-2017-0878]
Discovered by: on: Unknown
Reported on: 2017-12-01 [Bulletin-CVE-2017-0878]
Fixed on: 2017-08-29 [A-65186291]
Fix released on: 2017-12-05 [Bulletin-CVE-2017-0878]
Affected versions: 8.0 [Bulletin-CVE-2017-0878] regex: (8.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0878]
Fixed versions: 8.0 [Bulletin-CVE-2017-0878]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2018-9473

(json)

CVE numbers: CVE-2018-9473 [Bulletin-CVE-2018-9473]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In ihevcd_parse_sei_payload of ihevcd_parse_headers.c, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android ID: A-65484460 [NIST-CVE-2018-9473]
Discovered by: Niky1235 (@jiych_guru) [Discovery-CVE-2018-9473] on: Unknown
Reported on: 2018-10-01 [Bulletin-CVE-2018-9473]
Fixed on: 2017-08-29 [A-65484460]
Fix released on: 2018-10-05 [Bulletin-CVE-2018-9473]
Affected versions: 8.0 [Bulletin-CVE-2018-9473] regex: (8.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9473]
Fixed versions: 8.0 [Bulletin-CVE-2018-9473]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-0836

(json)

CVE numbers: CVE-2017-0836 [Bulletin-CVE-2017-0836]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64893226. [NIST-CVE-2017-0836]
Discovered by: Mingjian Zhou (@Mingjian_Zhou) of C0RE Team [Discovery-CVE-2017-0836] on: Unknown
Reported on: 2017-11-01 [Bulletin-CVE-2017-0836]
Fixed on: 2017-08-31 [A-64893226]
Fix released on: 2017-11-06 [Bulletin-CVE-2017-0836]
Affected versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0836] regex: (5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0836]
Fixed versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0836]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0872

(json)

CVE numbers: CVE-2017-0872 [Bulletin-CVE-2017-0872]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65290323. [NIST-CVE-2017-0872]
Discovered by: on: Unknown
Reported on: 2017-12-01 [Bulletin-CVE-2017-0872]
Fixed on: 2017-09-27 [A-65290323]
Fix released on: 2017-12-05 [Bulletin-CVE-2017-0872]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0872] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0872]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0872]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-13178

(json)

CVE numbers: CVE-2017-13178 [Bulletin-CVE-2017-13178]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In the initDecoder function of SoftAVCDec, there is a possible out-of-bounds write to mCodecCtx due to a use after free when buffer allocation fails. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-66969281. [NIST-CVE-2017-13178]
Discovered by: Chi Zhang and Mingjian Zhou (@Mingjian_Zhou) of C0RE Team [Discovery-CVE-2017-13178] on: Unknown
Reported on: 2018-01-01 [Bulletin-CVE-2017-13178]
Fixed on: 2017-10-04 [A-66969281]
Fix released on: 2018-01-05 [Bulletin-CVE-2017-13178]
Affected versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13178] regex: (6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-13178]
Fixed versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13178]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-13179

(json)

CVE numbers: CVE-2017-13179 [Bulletin-CVE-2017-13179]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In the ihevcd_allocate_static_bufs and ihevcd_create functions of SoftHEVC, there is a possible out-of-bounds write due to a use after free. Both ps_codec_obj and ps_create_op->s_ivd_create_op_t.pv_handle point to the same memory and ps_codec_obj could be freed without clearing ps_create_op->s_ivd_create_op_t.pv_handle. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-66969193. [NIST-CVE-2017-13179]
Discovered by: Chi Zhang and Mingjian Zhou (@Mingjian_Zhou) of C0RE Team [Discovery-CVE-2017-13179] on: Unknown
Reported on: 2018-01-01 [Bulletin-CVE-2017-13179]
Fixed on: 2017-10-04 [A-66969193]
Fix released on: 2018-01-05 [Bulletin-CVE-2017-13179]
Affected versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13179] regex: (6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-13179]
Fixed versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13179]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-13177

(json)

CVE numbers: CVE-2017-13177 [Bulletin-CVE-2017-13177]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In several functions of libhevc, NEON registers are not preserved. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68320413. [NIST-CVE-2017-13177]
Discovered by: on: Unknown
Reported on: 2018-01-01 [Bulletin-CVE-2017-13177]
Fixed on: 2017-10-09 [A-68320413]
Fix released on: 2018-01-05 [Bulletin-CVE-2017-13177]
Affected versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13177] regex: (5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-13177]
Fixed versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13177]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2017-13208

(json)

CVE numbers: CVE-2017-13208 [Bulletin-CVE-2017-13208]
Coordinated disclosure?: unknown
Categories: System
Details: In receive_packet of libnetutils/packet.c, there is a possible out-of-bounds write due to a missing bounds check on the DHCP response. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67474440. [NIST-CVE-2017-13208]
Discovered by: tintinweb [Discovery-CVE-2017-13208] on: Unknown
Reported on: 2018-01-01 [Bulletin-CVE-2017-13208]
Fixed on: 2017-10-13 [A-67474440]
Fix released on: 2018-01-05 [Bulletin-CVE-2017-13208]
Affected versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13208] regex: (5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-13208]
Fixed versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13208]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-13228

(json)

CVE numbers: CVE-2017-13228 [Bulletin-CVE-2017-13228]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In function ih264d_ref_idx_reordering of libavc, there is an out-of-bounds write due to modCount being defined as an unsigned character. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69478425. [NIST-CVE-2017-13228]
Discovered by: on: Unknown
Reported on: 2018-02-01 [Bulletin-CVE-2017-13228]
Fixed on: 2017-11-28 [A-69478425]
Fix released on: 2018-02-05 [Bulletin-CVE-2017-13228]
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13228] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-13228]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13228]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-0876

(json)

CVE numbers: CVE-2017-0876 [Bulletin-CVE-2017-0876]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0. Android ID A-64964675. [NIST-CVE-2017-0876]
Discovered by: on: Unknown
Reported on: 2017-12-01 [Bulletin-CVE-2017-0876]
Fixed on: Unknown
Fix released on: 2017-12-05 [Bulletin-CVE-2017-0876]
Affected versions: 6.0 [Bulletin-CVE-2017-0876] regex: (6.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0876]
Fixed versions: 6.0 [Bulletin-CVE-2017-0876]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0877

(json)

CVE numbers: CVE-2017-0877 [Bulletin-CVE-2017-0877]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0. Android ID A-66372937. [NIST-CVE-2017-0877]
Discovered by: on: Unknown
Reported on: 2017-12-01 [Bulletin-CVE-2017-0877]
Fixed on: Unknown
Fix released on: 2017-12-05 [Bulletin-CVE-2017-0877]
Affected versions: 6.0 [Bulletin-CVE-2017-0877] regex: (6.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0877]
Fixed versions: 6.0 [Bulletin-CVE-2017-0877]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-13248

(json)

CVE numbers: CVE-2017-13248 [Bulletin-CVE-2017-13248]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In impeg2_idct_recon_sse42() of impeg2_idct_recon_sse42_intr.c, there is an out of bound write due to a missing bounds check. This could lead to an remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70349612. [NIST-CVE-2017-13248]
Discovered by: Vasily Vasiliev [Discovery-CVE-2017-13248] on: Unknown
Reported on: 2018-03-01 [Bulletin-CVE-2017-13248]
Fixed on: 2017-12-18 [A-70349612]
Fix released on: 2018-03-05 [Bulletin-CVE-2017-13248]
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13248] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-13248]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13248]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-13250

(json)

CVE numbers: CVE-2017-13250 [Bulletin-CVE-2017-13250]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In ih264d_fmt_conv_420sp_to_420p of ih264d_utils.c, there is an out of bound write due to a missing out of bounds check because of a multiplication error. This could lead to an remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71375536. [NIST-CVE-2017-13250]
Discovered by: on: Unknown
Reported on: 2018-03-01 [Bulletin-CVE-2017-13250]
Fixed on: 2017-12-27 [A-71375536]
Fix released on: 2018-03-05 [Bulletin-CVE-2017-13250]
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13250] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-13250]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13250]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-13251

(json)

CVE numbers: CVE-2017-13251 [Bulletin-CVE-2017-13251]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In impeg2d_dec_pic_data_thread of impeg2d_dec_hdr.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege when running multi threaded with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69269702. [NIST-CVE-2017-13251]
Discovered by: Zinuo Han from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2017-13251] on: Unknown
Reported on: 2018-03-01 [Bulletin-CVE-2017-13251]
Fixed on: 2017-12-28 [A-69269702]
Fix released on: 2018-03-05 [Bulletin-CVE-2017-13251]
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13251] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-13251]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13251]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9498

(json)

CVE numbers: CVE-2018-9498 [Bulletin-CVE-2018-9498]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In SkSampler::Fill of SkSampler.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78354855 [NIST-CVE-2018-9498]
Discovered by: Zinuo Han (weibo.com/ele7enxxh) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2018-9498] on: Unknown
Reported on: 2018-10-01 [Bulletin-CVE-2018-9498]
Fixed on: 2018-01-05 [A-78354855]
Fix released on: 2018-10-05 [Bulletin-CVE-2018-9498]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2018-9498] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9498]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2018-9498]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-13255

(json)

CVE numbers: CVE-2017-13255 [Bulletin-CVE-2017-13255]
Coordinated disclosure?: unknown
Categories: System
Details: In process_service_attr_req of sdp_server.c, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68776054. [NIST-CVE-2017-13255]
Discovered by: Jianjun Dai (@Jioun_dai) and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2017-13255] on: Unknown
Reported on: 2018-03-01 [Bulletin-CVE-2017-13255]
Fixed on: 2018-01-09 [A-68776054]
Fix released on: 2018-03-05 [Bulletin-CVE-2017-13255]
Affected versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13255] regex: (5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-13255]
Fixed versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13255]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-13256

(json)

CVE numbers: CVE-2017-13256 [Bulletin-CVE-2017-13256]
Coordinated disclosure?: unknown
Categories: System
Details: In process_service_search_attr_req of sdp_server.cc, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68817966. [NIST-CVE-2017-13256]
Discovered by: Jianjun Dai (@Jioun_dai) and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2017-13256] on: Unknown
Reported on: 2018-03-01 [Bulletin-CVE-2017-13256]
Fixed on: 2018-01-09 [A-68817966]
Fix released on: 2018-03-05 [Bulletin-CVE-2017-13256]
Affected versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13256] regex: (5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-13256]
Fixed versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13256]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-13266

(json)

CVE numbers: CVE-2017-13266 [Bulletin-CVE-2017-13266]
Coordinated disclosure?: unknown
Categories: System
Details: In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack corruption due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69478941. [NIST-CVE-2017-13266]
Discovered by: Jianjun Dai (@Jioun_dai) and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2017-13266] on: Unknown
Reported on: 2018-03-01 [Bulletin-CVE-2017-13266]
Fixed on: 2018-01-10 [A-69478941]
Fix released on: 2018-03-05 [Bulletin-CVE-2017-13266]
Affected versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13266] regex: (5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-13266]
Fixed versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13266]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-13267

(json)

CVE numbers: CVE-2017-13267 [Bulletin-CVE-2017-13267]
Coordinated disclosure?: unknown
Categories: System
Details: In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack corruption due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69479009. [NIST-CVE-2017-13267]
Discovered by: Jianjun Dai (@Jioun_dai) and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd [Discovery-CVE-2017-13267] on: Unknown
Reported on: 2018-04-01 [Bulletin-CVE-2017-13267]
Fixed on: 2018-01-10 [A-69479009]
Fix released on: 2018-04-05 [Bulletin-CVE-2017-13267]
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13267] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-13267]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13267]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-13272

(json)

CVE numbers: CVE-2017-13272 [Bulletin-CVE-2017-13272]
Coordinated disclosure?: unknown
Categories: System
Details: In alarm_ready_generic of alarm.cc, there is a possible out of bounds write due to a use after free. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67110137. [NIST-CVE-2017-13272]
Discovered by: Wish Wu (@wish_wu 吴潍浠此彼) of Ant-financial Light-Year Security Lab [Discovery-CVE-2017-13272] on: Unknown
Reported on: 2018-03-01 [Bulletin-CVE-2017-13272]
Fixed on: 2018-01-11 [2]
Fix released on: 2018-03-05 [Bulletin-CVE-2017-13272]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13272] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-13272]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13272]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-13276

(json)

CVE numbers: CVE-2017-13276 [Bulletin-CVE-2017-13276]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In CProgramConfig_ReadHeightExt of tpdec_asc.cpp, there is a possible stack buffer overflow due to a missing bounds check. This could lead to a remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70637599. [NIST-CVE-2017-13276]
Discovered by: Elphet and Gong Guang of Alpha Team, Qihoo 360 Technology Co. Ltd [Discovery-CVE-2017-13276] on: Unknown
Reported on: 2018-04-01 [Bulletin-CVE-2017-13276]
Fixed on: 2018-01-12 [A-70637599]
Fix released on: 2018-04-05 [Bulletin-CVE-2017-13276]
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13276] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-13276]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13276]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-13277

(json)

CVE numbers: CVE-2017-13277 [Bulletin-CVE-2017-13277]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In ihevcd_fmt_conv of ihevcd_fmt_conv.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-72165027. [NIST-CVE-2017-13277]
Discovered by: Weichao Sun of Alibaba Inc (@sunblate) [Discovery-CVE-2017-13277] on: Unknown
Reported on: 2018-04-01 [Bulletin-CVE-2017-13277]
Fixed on: 2018-01-23 [A-72165027]
Fix released on: 2018-04-05 [Bulletin-CVE-2017-13277]
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13277] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-13277]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13277]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-13282

(json)

CVE numbers: CVE-2017-13282 [Bulletin-CVE-2017-13282]
Coordinated disclosure?: unknown
Categories: System
Details: In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71603315. [NIST-CVE-2017-13282]
Discovered by: Jianjun Dai (@Jioun_dai) and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd [Discovery-CVE-2017-13282] on: Unknown
Reported on: 2018-04-01 [Bulletin-CVE-2017-13282]
Fixed on: 2018-02-02 [A-71603315]
Fix released on: 2018-04-05 [Bulletin-CVE-2017-13282]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13282] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-13282]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13282]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-13283

(json)

CVE numbers: CVE-2017-13283 [Bulletin-CVE-2017-13283]
Coordinated disclosure?: unknown
Categories: System
Details: In avrc_ctrl_pars_vendor_rsp of bluetooth avrcp_ctrl, there is a possible out of bounds write on the stack due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71603410. [NIST-CVE-2017-13283]
Discovered by: Jianjun Dai (@Jioun_dai) and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd [Discovery-CVE-2017-13283] on: Unknown
Reported on: 2018-04-01 [Bulletin-CVE-2017-13283]
Fixed on: 2018-02-02 [A-71603410]
Fix released on: 2018-04-05 [Bulletin-CVE-2017-13283]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13283] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-13283]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13283]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-13281

(json)

CVE numbers: CVE-2017-13281 [Bulletin-CVE-2017-13281]
Coordinated disclosure?: unknown
Categories: System
Details: In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible stack buffer overflow due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-71603262. [NIST-CVE-2017-13281]
Discovered by: Jianjun Dai (@Jioun_dai) and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd [Discovery-CVE-2017-13281] on: Unknown
Reported on: 2018-04-01 [Bulletin-CVE-2017-13281]
Fixed on: 2018-02-09 [A-71603262]
Fix released on: 2018-04-05 [Bulletin-CVE-2017-13281]
Affected versions: 8.0, 8.1 [Bulletin-CVE-2017-13281] regex: (8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-13281]
Fixed versions: 8.0, 8.1 [Bulletin-CVE-2017-13281]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-13284

(json)

CVE numbers: CVE-2017-13284 [Bulletin-CVE-2017-13284]
Coordinated disclosure?: unknown
Categories: System
Details: In config_set_string of config.cc, it is possible to pair a second BT keyboard without user approval due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70808273. [NIST-CVE-2017-13284]
Discovered by: Jean-Baptiste Cayrou (@jbcayrou) [Discovery-CVE-2017-13284] on: Unknown
Reported on: 2018-04-01 [Bulletin-CVE-2017-13284]
Fixed on: 2018-02-09 [A-70808273]
Fix released on: 2018-04-05 [Bulletin-CVE-2017-13284]
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13284] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-13284]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13284]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9341

(json)

CVE numbers: CVE-2018-9341 [Bulletin-CVE-2018-9341]
Coordinated disclosure?: unknown
Categories: Media framework
Details:
Discovered by: Stephan Zeisberg of Security Research Labs [Discovery-CVE-2018-9341] on: Unknown
Reported on: 2018-06-01 [Bulletin-CVE-2018-9341]
Fixed on: 2018-03-15 [A-74016277]
Fix released on: 2018-06-05 [Bulletin-CVE-2018-9341]
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2018-9341] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9341]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2018-9341]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9356

(json)

CVE numbers: CVE-2018-9356 [Bulletin-CVE-2018-9356]
Coordinated disclosure?: unknown
Categories: System
Details: In bnep_data_ind of bnep_main.c, there is a possible remote code execution due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74950468. [NIST-CVE-2018-9356]
Discovered by: Jianjun Dai (@Jioun_dai) and Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd [Discovery-CVE-2018-9356] on: Unknown
Reported on: 2018-06-01 [Bulletin-CVE-2018-9356]
Fixed on: 2018-03-21 [A-74950468]
Fix released on: 2018-06-05 [Bulletin-CVE-2018-9356]
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2018-9356] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9356]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2018-9356]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9365

(json)

CVE numbers: CVE-2018-9365 [Bulletin-CVE-2018-9365]
Coordinated disclosure?: unknown
Categories: System
Details:
Discovered by: Jianjun Dai (@Jioun_dai) and Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2018-9365] on: Unknown
Reported on: 2018-07-01 [Bulletin-CVE-2018-9365]
Fixed on: 2018-03-30 [A-74121126]
Fix released on: 2018-07-05 [Bulletin-CVE-2018-9365]
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2018-9365] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9365]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2018-9365]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9355

(json)

CVE numbers: CVE-2018-9355 [Bulletin-CVE-2018-9355]
Coordinated disclosure?: unknown
Categories: System
Details: In bta_dm_sdp_result of bta_dm_act.cc, there is a possible out of bounds stack write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74016921. [NIST-CVE-2018-9355]
Discovered by: Scott Bauer (@ScottyBauer1) [Discovery-CVE-2018-9355] on: Unknown
Reported on: 2018-06-01 [Bulletin-CVE-2018-9355]
Fixed on: 2018-04-02 [A-74016921]
Fix released on: 2018-06-05 [Bulletin-CVE-2018-9355]
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2018-9355] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9355]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2018-9355]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9357

(json)

CVE numbers: CVE-2018-9357 [Bulletin-CVE-2018-9357]
Coordinated disclosure?: unknown
Categories: System
Details: In BNEP_Write of bnep_api.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74947856. [NIST-CVE-2018-9357]
Discovered by: Jianjun Dai (@Jioun_dai) and Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd [Discovery-CVE-2018-9357] on: Unknown
Reported on: 2018-06-01 [Bulletin-CVE-2018-9357]
Fixed on: 2018-04-11 [A-74947856]
Fix released on: 2018-06-05 [Bulletin-CVE-2018-9357]
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2018-9357] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9357]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2018-9357]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9411

(json)

CVE numbers: CVE-2018-9411 [Bulletin-CVE-2018-9411]
Coordinated disclosure?: unknown
Categories: Media framework
Details:
Discovered by: Tamir Zahavi-Brunner (@tamir_zb) of Zimperium zLabs Team [Discovery-CVE-2018-9411] on: Unknown
Reported on: 2018-07-01 [Bulletin-CVE-2018-9411]
Fixed on: 2018-05-11 [A-79376389]
Fix released on: 2018-07-05 [Bulletin-CVE-2018-9411]
Affected versions: 8.0, 8.1 [Bulletin-CVE-2018-9411] regex: (8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9411]
Fixed versions: 8.0, 8.1 [Bulletin-CVE-2018-9411]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9427

(json)

CVE numbers: CVE-2018-9427 [Bulletin-CVE-2018-9427]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In CopyToOMX of OMXNodeInstance.cpp there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-77486542. [NIST-CVE-2018-9427]
Discovered by: on: Unknown
Reported on: 2018-08-01 [Bulletin-CVE-2018-9427]
Fixed on: 2018-05-23 [2]
Fix released on: 2018-08-05 [Bulletin-CVE-2018-9427]
Affected versions: 8.0, 8.1 [Bulletin-CVE-2018-9427] regex: (8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9427]
Fixed versions: 8.0, 8.1 [Bulletin-CVE-2018-9427]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9446

(json)

CVE numbers: CVE-2018-9446 [Bulletin-CVE-2018-9446]
Coordinated disclosure?: unknown
Categories: System
Details: In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds write due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-80145946. [NIST-CVE-2018-9446]
Discovered by: Zinuo Han of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2018-9446] on: Unknown
Reported on: 2018-08-01 [Bulletin-CVE-2018-9446]
Fixed on: 2018-05-29 [A-80145946]
Fix released on: 2018-08-05 [Bulletin-CVE-2018-9446]
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2018-9446] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9446]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2018-9446]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-5146

(json)

CVE numbers: CVE-2018-5146 [Bulletin-CVE-2018-5146]
Coordinated disclosure?: unknown
Categories: Media framework
Details: An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7. [NIST-CVE-2018-5146]
Discovered by: Jose Martinez [Discovery-CVE-2018-5146] on: Unknown
Reported on: 2018-06-01 [Bulletin-CVE-2018-5146]
Fixed on: Unknown
Fix released on: 2018-06-05 [Bulletin-CVE-2018-5146]
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2018-5146] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-5146]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2018-5146]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9450

(json)

CVE numbers: CVE-2018-9450 [Bulletin-CVE-2018-9450]
Coordinated disclosure?: unknown
Categories: System
Details: In avrc_proc_vendor_command of avrc_api.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-79541338. [NIST-CVE-2018-9450]
Discovered by: Zinuo Han of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2018-9450] on: Unknown
Reported on: 2018-08-01 [Bulletin-CVE-2018-9450]
Fixed on: 2018-06-05 [A-79541338]
Fix released on: 2018-08-05 [Bulletin-CVE-2018-9450]
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2018-9450] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9450]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2018-9450]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9536

(json)

CVE numbers: CVE-2018-9536 [Bulletin-CVE-2018-9536]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In numerous functions of libFDK, there are possible out of bounds writes due to incorrect bounds checks. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112662184 [NIST-CVE-2018-9536]
Discovered by: on: Unknown
Reported on: 2018-11-01 [Bulletin-CVE-2018-9536]
Fixed on: 2018-06-08 [A-112662184]
Fix released on: 2018-11-05 [Bulletin-CVE-2018-9536]
Affected versions: 9 [Bulletin-CVE-2018-9536] regex: (9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9536]
Fixed versions: 9 [Bulletin-CVE-2018-9536]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9550

(json)

CVE numbers: CVE-2018-9550 [Bulletin-CVE-2018-9550]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In CAacDecoder_Init of aacdecoder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112660981. [NIST-CVE-2018-9550]
Discovered by: on: Unknown
Reported on: 2018-12-01 [Bulletin-CVE-2018-9550]
Fixed on: 2018-06-08 [A-112660981]
Fix released on: 2018-12-05 [Bulletin-CVE-2018-9550]
Affected versions: 9 [Bulletin-CVE-2018-9550] regex: (9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9550]
Fixed versions: 9 [Bulletin-CVE-2018-9550]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9476

(json)

CVE numbers: CVE-2018-9476 [Bulletin-CVE-2018-9476]
Coordinated disclosure?: unknown
Categories: System
Details: In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible use-after-free due to improper locking. This could lead to remote escalation of privilege in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-109699112 [NIST-CVE-2018-9476]
Discovered by: Zinuo Han (weibo.com/ele7enxxh) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2018-9476] on: Unknown
Reported on: 2018-10-01 [Bulletin-CVE-2018-9476]
Fixed on: 2018-06-13 [A-109699112]
Fix released on: 2018-10-05 [Bulletin-CVE-2018-9476]
Affected versions: 8.0, 8.1 [Bulletin-CVE-2018-9476] regex: (8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9476]
Fixed versions: 8.0, 8.1 [Bulletin-CVE-2018-9476]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9478

(json)

CVE numbers: CVE-2018-9478 [Bulletin-CVE-2018-9478]
Coordinated disclosure?: unknown
Categories: System
Details:
Discovered by: Jianjun Dai (@jioun_dai) and Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2018-9478] on: Unknown
Reported on: 2018-09-01 [Bulletin-CVE-2018-9478]
Fixed on: 2018-06-22 [A-79217522]
Fix released on: 2018-09-05 [Bulletin-CVE-2018-9478]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9478] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9478]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9478]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9479

(json)

CVE numbers: CVE-2018-9479 [Bulletin-CVE-2018-9479]
Coordinated disclosure?: unknown
Categories: System
Details:
Discovered by: Jianjun Dai (@jioun_dai) and Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2018-9479] on: Unknown
Reported on: 2018-09-01 [Bulletin-CVE-2018-9479]
Fixed on: 2018-06-22 [A-79217770]
Fix released on: 2018-09-05 [Bulletin-CVE-2018-9479]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9479] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9479]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9479]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9496

(json)

CVE numbers: CVE-2018-9496 [Bulletin-CVE-2018-9496]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In ixheaacd_real_synth_fft_p3 of ixheaacd_esbr_fft.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-9.0 Android ID: A-110769924 [NIST-CVE-2018-9496]
Discovered by: on: Unknown
Reported on: 2018-10-01 [Bulletin-CVE-2018-9496]
Fixed on: 2018-06-25 [A-110769924]
Fix released on: 2018-10-05 [Bulletin-CVE-2018-9496]
Affected versions: 9 [Bulletin-CVE-2018-9496] regex: (9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9496]
Fixed versions: 9 [Bulletin-CVE-2018-9496]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9497

(json)

CVE numbers: CVE-2018-9497 [Bulletin-CVE-2018-9497]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In impeg2_fmt_conv_yuv420p_to_yuv420sp_uv_av8 of impeg2_format_conv.s there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-74078669 [NIST-CVE-2018-9497]
Discovered by: Stephan Zeisberg of Security Research Labs [Discovery-CVE-2018-9497] on: Unknown
Reported on: 2018-10-01 [Bulletin-CVE-2018-9497]
Fixed on: 2018-06-25 [A-74078669]
Fix released on: 2018-10-05 [Bulletin-CVE-2018-9497]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9497] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9497]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9497]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9475

(json)

CVE numbers: CVE-2018-9475 [Bulletin-CVE-2018-9475]
Coordinated disclosure?: unknown
Categories: System
Details:
Discovered by: En He (@heeeeen4x) and Bo Liu of MS509Team (ms509.com) [Discovery-CVE-2018-9475] on: Unknown
Reported on: 2018-09-01 [Bulletin-CVE-2018-9475]
Fixed on: 2018-06-27 [A-79266386]
Fix released on: 2018-09-05 [Bulletin-CVE-2018-9475]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9475] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9475]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9475]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9531

(json)

CVE numbers: CVE-2018-9531 [Bulletin-CVE-2018-9531]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In AudioSpecificConfig_Parse of tpdec_asc.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112661641 [NIST-CVE-2018-9531]
Discovered by: on: Unknown
Reported on: 2018-11-01 [Bulletin-CVE-2018-9531]
Fixed on: 2018-06-29 [A-112661641]
Fix released on: 2018-11-05 [Bulletin-CVE-2018-9531]
Affected versions: 9 [Bulletin-CVE-2018-9531] regex: (9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9531]
Fixed versions: 9 [Bulletin-CVE-2018-9531]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9433

(json)

CVE numbers: CVE-2018-9433 [Bulletin-CVE-2018-9433]
Coordinated disclosure?: unknown
Categories: Framework
Details:
Discovered by: Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2018-9433] on: Unknown
Reported on: 2018-07-01 [Bulletin-CVE-2018-9433]
Fixed on: Unknown
Fix released on: 2018-07-05 [Bulletin-CVE-2018-9433]
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2018-9433] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9433]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2018-9433]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9504

(json)

CVE numbers: CVE-2018-9504 [Bulletin-CVE-2018-9504]
Coordinated disclosure?: unknown
Categories: System
Details: In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution over bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-110216176 [NIST-CVE-2018-9504]
Discovered by: Zinuo Han (weibo.com/ele7enxxh) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2018-9504] on: Unknown
Reported on: 2018-10-01 [Bulletin-CVE-2018-9504]
Fixed on: 2018-07-16 [A-110216176]
Fix released on: 2018-10-05 [Bulletin-CVE-2018-9504]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9504] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9504]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9504]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9490

(json)

CVE numbers: CVE-2018-9490 [Bulletin-CVE-2018-9490]
Coordinated disclosure?: unknown
Categories: Framework
Details: In CollectValuesOrEntriesImpl of elements.cc, there is possible remote code execution due to type confusion. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111274046 [NIST-CVE-2018-9490]
Discovered by: Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2018-9490] on: Unknown
Reported on: 2018-10-01 [Bulletin-CVE-2018-9490]
Fixed on: 2018-08-02 [A-111274046]
Fix released on: 2018-10-05 [Bulletin-CVE-2018-9490]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9490] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9490]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9490]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9537

(json)

CVE numbers: CVE-2018-9537 [Bulletin-CVE-2018-9537]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In CAacDecoder_DecodeFrame of aacdecode.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112891564 [NIST-CVE-2018-9537]
Discovered by: on: Unknown
Reported on: 2018-11-01 [Bulletin-CVE-2018-9537]
Fixed on: 2018-08-15 [A-112891564]
Fix released on: 2018-11-05 [Bulletin-CVE-2018-9537]
Affected versions: 9 [Bulletin-CVE-2018-9537] regex: (9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9537]
Fixed versions: 9 [Bulletin-CVE-2018-9537]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9551

(json)

CVE numbers: CVE-2018-9551 [Bulletin-CVE-2018-9551]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In CAacDecoder_Init of aacdecoder.cpp, there is a possible out-of-bound write due to a missing bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112891548. [NIST-CVE-2018-9551]
Discovered by: on: Unknown
Reported on: 2018-12-01 [Bulletin-CVE-2018-9551]
Fixed on: 2018-08-15 [A-112891548]
Fix released on: 2018-12-05 [Bulletin-CVE-2018-9551]
Affected versions: 9 [Bulletin-CVE-2018-9551] regex: (9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9551]
Fixed versions: 9 [Bulletin-CVE-2018-9551]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9527

(json)

CVE numbers: CVE-2018-9527 [Bulletin-CVE-2018-9527]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In vorbis_book_decodev_set of codebook.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112159345 [NIST-CVE-2018-9527]
Discovered by: Zinuo Han(weibo.com/ele7enxxh) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2018-9527] on: Unknown
Reported on: 2018-11-01 [Bulletin-CVE-2018-9527]
Fixed on: 2018-08-16 [A-112159345]
Fix released on: 2018-11-05 [Bulletin-CVE-2018-9527]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9527] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9527]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9527]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9549

(json)

CVE numbers: CVE-2018-9549 [Bulletin-CVE-2018-9549]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In lppTransposer of lpp_tran.cpp there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112160868. [NIST-CVE-2018-9549]
Discovered by: Zinuo Han (weibo.com/ele7enxxh) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2018-9549] on: Unknown
Reported on: 2018-12-01 [Bulletin-CVE-2018-9549]
Fixed on: 2018-09-10 [A-112160868]
Fix released on: 2018-12-05 [Bulletin-CVE-2018-9549]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9549] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9549]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9549]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9552

(json)

CVE numbers: CVE-2018-9552 [Bulletin-CVE-2018-9552]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In ihevcd_sao_shift_ctb of ihevcd_sao.c there is a possible out of bounds write due to missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-113260892. [NIST-CVE-2018-9552]
Discovered by: Zinuo Han (weibo.com/ele7enxxh) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2018-9552] on: Unknown
Reported on: 2018-12-01 [Bulletin-CVE-2018-9552]
Fixed on: 2018-09-11 [A-113260892]
Fix released on: 2018-12-05 [Bulletin-CVE-2018-9552]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9552] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9552]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9552]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9555

(json)

CVE numbers: CVE-2018-9555 [Bulletin-CVE-2018-9555]
Coordinated disclosure?: unknown
Categories: System
Details: In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112321180. [NIST-CVE-2018-9555]
Discovered by: Scott Bauer (@ScottyBauer1) [Discovery-CVE-2018-9555] on: Unknown
Reported on: 2018-12-01 [Bulletin-CVE-2018-9555]
Fixed on: 2018-09-17 [A-112321180]
Fix released on: 2018-12-05 [Bulletin-CVE-2018-9555]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9555] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9555]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9555]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2019-2095

(json)

CVE numbers: CVE-2019-2095 [Bulletin-CVE-2019-2095]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In callGenIDChangeListeners and related functions of SkPixelRef.cpp, there is a possible use after free due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-124232283. [NIST-CVE-2019-2095]
Discovered by: on: Unknown
Reported on: 2019-06-01 [Bulletin-CVE-2019-2095]
Fixed on: 2018-09-17 [A-124232283]
Fix released on: 2019-06-05 [Bulletin-CVE-2019-2095]
Affected versions: 9 [Bulletin-CVE-2019-2095] regex: (9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-2095]
Fixed versions: 9 [Bulletin-CVE-2019-2095]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2018-9583

(json)

CVE numbers: CVE-2018-9583 [Bulletin-CVE-2018-9583]
Coordinated disclosure?: unknown
Categories: System
Details: In bta_ag_parse_cmer of bta_ag_cmd.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution in the bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-112860487. [NIST-CVE-2018-9583]
Discovered by: Zinuo Han (weibo.com/ele7enxxh) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2018-9583] on: Unknown
Reported on: 2019-01-01 [Bulletin-CVE-2018-9583]
Fixed on: 2018-09-18 [A-112860487]
Fix released on: 2019-01-05 [Bulletin-CVE-2018-9583]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9583] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9583]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9583]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2018-9556

(json)

CVE numbers: CVE-2018-9556 [Bulletin-CVE-2018-9556]
Coordinated disclosure?: unknown
Categories: System
Details: In ParsePayloadHeader of payload_metadata.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113118184. [NIST-CVE-2018-9556]
Discovered by: on: Unknown
Reported on: 2018-12-01 [Bulletin-CVE-2018-9556]
Fixed on: 2018-09-19 [A-113118184]
Fix released on: 2018-12-05 [Bulletin-CVE-2018-9556]
Affected versions: 9 [Bulletin-CVE-2018-9556] regex: (9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9556]
Fixed versions: 9 [Bulletin-CVE-2018-9556]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2019-1988

(json)

CVE numbers: CVE-2019-1988 [Bulletin-CVE-2019-1988]
Coordinated disclosure?: unknown
Categories: Framework
Details: In sample6 of SkSwizzler.cpp, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution in system_server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-118372692. [NIST-CVE-2019-1988]
Discovered by: on: Unknown
Reported on: 2019-02-01 [Bulletin-CVE-2019-1988]
Fixed on: 2018-10-24 [A-118372692]
Fix released on: 2019-02-05 [Bulletin-CVE-2019-1988]
Affected versions: 8.0, 8.1, 9 [Bulletin-CVE-2019-1988] regex: (8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-1988]
Fixed versions: 8.0, 8.1, 9 [Bulletin-CVE-2019-1988]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-1989

(json)

CVE numbers: CVE-2019-1989 [Bulletin-CVE-2019-1989]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In ih264d_fmt_conv_420sp_to_420p of ih264d_format_conv.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-118399205 [NIST-CVE-2019-1989]
Discovered by: on: Unknown
Reported on: 2019-03-01 [Bulletin-CVE-2019-1989]
Fixed on: 2018-10-24 [A-118399205]
Fix released on: 2019-03-05 [Bulletin-CVE-2019-1989]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-1989] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-1989]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-1989]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-2028

(json)

CVE numbers: CVE-2019-2028 [Bulletin-CVE-2019-2028]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In numerous hand-crafted functions in libmpeg2, NEON registers are not preserved. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-120644655. [NIST-CVE-2019-2028]
Discovered by: Suresh Sivaraman of Ittiam [Discovery-CVE-2019-2028] on: Unknown
Reported on: 2019-04-01 [Bulletin-CVE-2019-2028]
Fixed on: 2018-11-07 [A-120644655]
Fix released on: 2019-04-05 [Bulletin-CVE-2019-2028]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2028] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-2028]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2028]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-1986

(json)

CVE numbers: CVE-2019-1986 [Bulletin-CVE-2019-1986]
Coordinated disclosure?: unknown
Categories: Framework
Details: In SkSwizzler::onSetSampleX of SkSwizzler.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege in system_server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-117838472. [NIST-CVE-2019-1986]
Discovered by: Leon Scroggins of Google [Discovery-CVE-2019-1986] on: Unknown
Reported on: 2019-02-01 [Bulletin-CVE-2019-1986]
Fixed on: 2018-11-08 [A-117838472]
Fix released on: 2019-02-05 [Bulletin-CVE-2019-1986]
Affected versions: 9 [Bulletin-CVE-2019-1986] regex: (9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-1986]
Fixed versions: 9 [Bulletin-CVE-2019-1986]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-1987

(json)

CVE numbers: CVE-2019-1987 [Bulletin-CVE-2019-1987]
Coordinated disclosure?: unknown
Categories: Framework
Details: In onSetSampleX of SkSwizzler.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-118143775. [NIST-CVE-2019-1987]
Discovered by: on: Unknown
Reported on: 2019-02-01 [Bulletin-CVE-2019-1987]
Fixed on: 2018-11-08 [A-118143775]
Fix released on: 2019-02-05 [Bulletin-CVE-2019-1987]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-1987] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-1987]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-1987]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-1990

(json)

CVE numbers: CVE-2019-1990 [Bulletin-CVE-2019-1990]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In ihevcd_fmt_conv_420sp_to_420p of ihevcd_fmt_conv.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-118453553 [NIST-CVE-2019-1990]
Discovered by: on: Unknown
Reported on: 2019-03-01 [Bulletin-CVE-2019-1990]
Fixed on: 2018-11-12 [A-118453553]
Fix released on: 2019-03-05 [Bulletin-CVE-2019-1990]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-1990] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-1990]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-1990]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-1992

(json)

CVE numbers: CVE-2019-1992 [Bulletin-CVE-2019-1992]
Coordinated disclosure?: unknown
Categories: System
Details: In bta_hl_sdp_query_results of bta_hl_main.cc, there is a possible use-after-free due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-116222069. [NIST-CVE-2019-1992]
Discovered by: Zinuo Han (weibo.com/ele7enxxh) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2019-1992] on: Unknown
Reported on: 2019-02-01 [Bulletin-CVE-2019-1992]
Fixed on: 2018-11-20 [A-116222069]
Fix released on: 2019-02-05 [Bulletin-CVE-2019-1992]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-1992] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-1992]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-1992]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-1991

(json)

CVE numbers: CVE-2019-1991 [Bulletin-CVE-2019-1991]
Coordinated disclosure?: unknown
Categories: System
Details: In btif_dm_data_copy of btif_core.cc, there is a possible out of bounds write due to a buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-110166268. [NIST-CVE-2019-1991]
Discovered by: Zinuo Han (weibo.com/ele7enxxh) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2019-1991] on: Unknown
Reported on: 2019-02-01 [Bulletin-CVE-2019-1991]
Fixed on: 2018-11-27 [A-110166268]
Fix released on: 2019-02-05 [Bulletin-CVE-2019-1991]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-1991] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-1991]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-1991]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-2009

(json)

CVE numbers: CVE-2019-2009 [Bulletin-CVE-2019-2009]
Coordinated disclosure?: unknown
Categories: System
Details: In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-120665616 [NIST-CVE-2019-2009]
Discovered by: Jianjun Dai ( @jioun_dai) and Guang Gong ( @oldfresher) of 360 Alpha Team [Discovery-CVE-2019-2009] on: Unknown
Reported on: 2019-03-01 [Bulletin-CVE-2019-2009]
Fixed on: 2018-12-11 [A-120665616]
Fix released on: 2019-03-05 [Bulletin-CVE-2019-2009]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2009] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-2009]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2009]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-2093

(json)

CVE numbers: CVE-2019-2093 [Bulletin-CVE-2019-2093]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In huff_dec_1D of nlc_dec.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-119292397. [NIST-CVE-2019-2093]
Discovered by: on: Unknown
Reported on: 2019-06-01 [Bulletin-CVE-2019-2093]
Fixed on: 2018-12-20 [A-119292397]
Fix released on: 2019-06-05 [Bulletin-CVE-2019-2093]
Affected versions: 9 [Bulletin-CVE-2019-2093] regex: (9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-2093]
Fixed versions: 9 [Bulletin-CVE-2019-2093]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-2029

(json)

CVE numbers: CVE-2019-2029 [Bulletin-CVE-2019-2029]
Coordinated disclosure?: unknown
Categories: System
Details: In btm_proc_smp_cback of tm_ble.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-120612744. [NIST-CVE-2019-2029]
Discovered by: Wenke Dou (email), Chi Zhang (email), and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team [Discovery-CVE-2019-2029] on: Unknown
Reported on: 2019-04-01 [Bulletin-CVE-2019-2029]
Fixed on: 2019-01-09 [A-120612744]
Fix released on: 2019-04-05 [Bulletin-CVE-2019-2029]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2029] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-2029]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2029]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-2111

(json)

CVE numbers: CVE-2019-2111 [Bulletin-CVE-2019-2111]
Coordinated disclosure?: unknown
Categories: System
Details: In loop of DnsTlsSocket.cpp, there is a possible heap memory corruption due to a use after free. This could lead to remote code execution in the netd server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-122856181. [NIST-CVE-2019-2111]
Discovered by: Alex Abfalter of Google [Discovery-CVE-2019-2111] on: Unknown
Reported on: 2019-07-01 [Bulletin-CVE-2019-2111]
Fixed on: 2019-01-22 [2]
Fix released on: 2019-07-05 [Bulletin-CVE-2019-2111]
Affected versions: 9 [Bulletin-CVE-2019-2111] regex: (9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-2111]
Fixed versions: 9 [Bulletin-CVE-2019-2111]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-2027

(json)

CVE numbers: CVE-2019-2027 [Bulletin-CVE-2019-2027]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In floor0_inverse1 of floor0.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-119120561. [NIST-CVE-2019-2027]
Discovered by: Qi Zhao ( @JHyrathon) and Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2019-2027] on: Unknown
Reported on: 2019-04-01 [Bulletin-CVE-2019-2027]
Fixed on: 2019-01-23 [A-119120561]
Fix released on: 2019-04-05 [Bulletin-CVE-2019-2027]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2027] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-2027]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2027]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-2044

(json)

CVE numbers: CVE-2019-2044 [Bulletin-CVE-2019-2044]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In MakeMP>G4VideoCodecSpecificData of APacketSource.cpp, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android ID: A-123701862 [NIST-CVE-2019-2044]
Discovered by: Cusas of L.O. Team [Discovery-CVE-2019-2044] on: Unknown
Reported on: 2019-05-01 [Bulletin-CVE-2019-2044]
Fixed on: 2019-02-26 [A-123701862]
Fix released on: 2019-05-05 [Bulletin-CVE-2019-2044]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2044] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-2044]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2044]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-2045

(json)

CVE numbers: CVE-2019-2045 [Bulletin-CVE-2019-2045]
Coordinated disclosure?: unknown
Categories: System
Details: In JSCallTyper of typer.cc, there is an out of bounds write due to an incorrect bounds check. This could lead to remote code execution in the proxy auto-config with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.1 Android-9 Android ID: A-117554758 [NIST-CVE-2019-2045]
Discovered by: Wei Liu (刘炜) and Yongke Wang (王永科) (@Rudykewang) of Tencent Security Xuanwu Lab (腾讯安全玄武实验室) [Discovery-CVE-2019-2045] on: Unknown
Reported on: 2019-05-01 [Bulletin-CVE-2019-2045]
Fixed on: 2019-03-05 [A-117554758]
Fix released on: 2019-05-05 [Bulletin-CVE-2019-2045]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.1, 9 [Bulletin-CVE-2019-2045] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-2045]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.1, 9 [Bulletin-CVE-2019-2045]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-2046

(json)

CVE numbers: CVE-2019-2046 [Bulletin-CVE-2019-2046]
Coordinated disclosure?: unknown
Categories: System
Details: In CalculateInstanceSizeForDerivedClass of objects.cc, there is possible memory corruption due to an integer overflow. This could lead to remote code execution in the proxy auto-config with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android ID: A-117556220 [NIST-CVE-2019-2046]
Discovered by: Wei Liu (刘炜) and Yongke Wang (王永科) (@Rudykewang) of Tencent Security Xuanwu Lab (腾讯安全玄武实验室) [Discovery-CVE-2019-2046] on: Unknown
Reported on: 2019-05-01 [Bulletin-CVE-2019-2046]
Fixed on: 2019-03-05 [A-117556220]
Fix released on: 2019-05-05 [Bulletin-CVE-2019-2046]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2046] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-2046]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2046]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-2047

(json)

CVE numbers: CVE-2019-2047 [Bulletin-CVE-2019-2047]
Coordinated disclosure?: unknown
Categories: System
Details: In UpdateLoadElement of ic.cc, there is a possible out-of-bounds write due to type confusion. This could lead to remote code execution in the proxy auto-config with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android ID: A-117607414 [NIST-CVE-2019-2047]
Discovered by: Wei Liu (刘炜) and Yongke Wang (王永科) (@Rudykewang) of Tencent Security Xuanwu Lab (腾讯安全玄武实验室) [Discovery-CVE-2019-2047] on: Unknown
Reported on: 2019-05-01 [Bulletin-CVE-2019-2047]
Fixed on: 2019-03-05 [A-117607414]
Fix released on: 2019-05-05 [Bulletin-CVE-2019-2047]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2047] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-2047]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2047]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-2097

(json)

CVE numbers: CVE-2019-2097 [Bulletin-CVE-2019-2097]
Coordinated disclosure?: unknown
Categories: System
Details: In HAliasAnalyzer.Query of hydrogen-alias-analysis.h, there is possible memory corruption due to type confusion. This could lead to remote code execution from a malicious proxy configuration, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-117606285. [NIST-CVE-2019-2097]
Discovered by: Wei Liu (刘炜), Yongke Wang (王永科) (@Rudykewang) of Tencent Security Xuanwu Lab (腾讯安全玄武实验室) [Discovery-CVE-2019-2097] on: Unknown
Reported on: 2019-06-01 [Bulletin-CVE-2019-2097]
Fixed on: 2019-03-08 [A-117606285]
Fix released on: 2019-06-05 [Bulletin-CVE-2019-2097]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2097] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-2097]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2097]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-2106

(json)

CVE numbers: CVE-2019-2106 [Bulletin-CVE-2019-2106]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In ihevcd_sao_shift_ctb of ihevcd_sao.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-130023983. [NIST-CVE-2019-2106]
Discovered by: Kostya Serebryany of Google, using libFuzzer and AddressSanitizer [Discovery-CVE-2019-2106] on: Unknown
Reported on: 2019-07-01 [Bulletin-CVE-2019-2106]
Fixed on: 2019-03-29 [A-130023983]
Fix released on: 2019-07-05 [Bulletin-CVE-2019-2106]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2106] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-2106]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2106]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-2094

(json)

CVE numbers: CVE-2019-2094 [Bulletin-CVE-2019-2094]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In parseMPEGCCData of NuPlayerCCDecoder.cpp, there is a possible out of bounds write due to missing bounds checks. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-129068792. [NIST-CVE-2019-2094]
Discovered by: Cusas of L.O. Team [Discovery-CVE-2019-2094] on: Unknown
Reported on: 2019-06-01 [Bulletin-CVE-2019-2094]
Fixed on: 2019-04-01 [A-129068792]
Fix released on: 2019-06-05 [Bulletin-CVE-2019-2094]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2094] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-2094]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2094]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-2107

(json)

CVE numbers: CVE-2019-2107 [Bulletin-CVE-2019-2107]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In ihevcd_parse_pps of ihevcd_parse_headers.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-130024844. [NIST-CVE-2019-2107]
Discovered by: Kostya Serebryany of Google, using libFuzzer and AddressSanitizer [Discovery-CVE-2019-2107] on: Unknown
Reported on: 2019-07-01 [Bulletin-CVE-2019-2107]
Fixed on: 2019-04-05 [A-130024844]
Fix released on: 2019-07-05 [Bulletin-CVE-2019-2107]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2107] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-2107]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2107]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-2130

(json)

CVE numbers: CVE-2019-2130 [Bulletin-CVE-2019-2130]
Coordinated disclosure?: unknown
Categories: System
Details:
Discovered by: Wei Liu (刘炜), Yongke Wang (王永科) (@Rudykewang) of Tencent Security Xuanwu Lab (腾讯安全玄武实验室) [Discovery-CVE-2019-2130] on: Unknown
Reported on: 2019-08-01 [Bulletin-CVE-2019-2130]
Fixed on: 2019-06-03 [A-132073833]
Fix released on: 2019-08-05 [Bulletin-CVE-2019-2130]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2130] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-2130]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2130]
Submission: by: Daniel Carter, on: 2019-08-12

CVE-2019-2109

(json)

CVE numbers: CVE-2019-2109 [Bulletin-CVE-2019-2109]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In MakeMPEG4VideoCodecSpecificData of AVIExtractor.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1. Android ID: A-130651570. [NIST-CVE-2019-2109]
Discovered by: on: Unknown
Reported on: 2019-07-01 [Bulletin-CVE-2019-2109]
Fixed on: Unknown
Fix released on: 2019-07-05 [Bulletin-CVE-2019-2109]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2019-2109] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-2109]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2019-2109]
Submission: by: Daniel Carter, on: 2019-07-24