Vulnerabilities > CVE-2016-0825 - 7PK - Security Features vulnerability in Google Android 6.0.1

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

google

CWE-254

NVD

Published: 2016-03-12

Updated: 2016-11-28

Summary

The Widevine Trusted Application in Android 6.0.1 before 2016-03-01 allows attackers to obtain sensitive TrustZone secure-storage information by leveraging kernel access, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 20860039.

Vulnerable Configurations

Part	Description	Count
OS	Google Google Android 6.0.1	1

Common Weakness Enumeration (CWE)

CWE-254 - 7PK - Security Features

References

http://source.android.com/security/bulletin/2016-03-01.html
http://www.securityfocus.com/bid/84269