Vulnerabilities > Google > Android > High

DATE CVE VULNERABILITY TITLE RISK
2016-01-06 CVE-2015-6647 Permissions, Privileges, and Access Controls vulnerability in Google Android
The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24441554.
local
low complexity
google CWE-264
7.8
2016-01-06 CVE-2015-6640 Permissions, Privileges, and Access Controls vulnerability in Google Android
The prctl_set_vma_anon_name function in kernel/sys.c in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 does not ensure that only one vma is accessed in a certain update action, which allows attackers to gain privileges or cause a denial of service (vma list corruption) via a crafted application, aka internal bug 20017123.
local
low complexity
google CWE-264
7.8
2016-01-06 CVE-2015-6639 Permissions, Privileges, and Access Controls vulnerability in Google Android
The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875.
local
low complexity
google CWE-264
7.8
2016-01-06 CVE-2015-6638 Permissions, Privileges, and Access Controls vulnerability in Google Android
The Imagination Technologies driver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 24673908.
local
low complexity
google CWE-264
7.8
2016-01-06 CVE-2015-6637 Permissions, Privileges, and Access Controls vulnerability in Google Android
The MediaTek misc-sd driver in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 25307013.
local
low complexity
google CWE-264
7.8
2014-12-17 CVE-2014-9322 Improper Privilege Management vulnerability in multiple products
arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space.
7.8
2011-06-09 CVE-2011-1823 Integer Overflow or Wraparound vulnerability in Google Android
The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges via a negative index that bypasses a maximum-only signed integer check in the DirectVolume::handlePartitionAdded method, which triggers memory corruption, as demonstrated by Gingerbreak.
local
low complexity
google CWE-190
7.8