Vulnerabilities > Google > High

DATE CVE VULNERABILITY TITLE RISK
2016-07-11 CVE-2016-2067 Improper Privilege Management vulnerability in multiple products
drivers/gpu/msm/kgsl.c in the MSM graphics driver (aka GPU driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, mishandles the KGSL_MEMFLAGS_GPUREADONLY flag, which allows attackers to gain privileges by leveraging accidental read-write mappings, aka Qualcomm internal bug CR988993.
local
low complexity
google linux CWE-269
7.8
2016-07-11 CVE-2015-8892 Permissions, Privileges, and Access Controls vulnerability in Google Android
platform/msm_shared/boot_verifier.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to bypass intended access restrictions via a digest with trailing data, aka Android internal bug 28822807 and Qualcomm internal bug CR902998.
local
low complexity
google CWE-264
7.8
2016-07-11 CVE-2015-8891 Numeric Errors vulnerability in Google Android
Multiple integer overflows in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to bypass intended access restrictions via a crafted image, aka Android internal bug 28842418 and Qualcomm internal bug CR813930.
local
low complexity
google CWE-189
7.8
2016-07-11 CVE-2015-8890 Permissions, Privileges, and Access Controls vulnerability in Google Android
platform/msm_shared/partition_parser.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate certain GUID Partition Table (GPT) data, which allows attackers to bypass intended access restrictions via a crafted MultiMediaCard (MMC), aka Android internal bug 28822878 and Qualcomm internal bug CR823461.
local
low complexity
google CWE-264
7.8
2016-07-11 CVE-2015-8889 Permissions, Privileges, and Access Controls vulnerability in Google Android
The aboot implementation in the Qualcomm components in Android before 2016-07-05 on Nexus 6P devices omits the recovery PIN feature, which has unspecified impact and attack vectors, aka Android internal bug 28822677 and Qualcomm internal bug CR804067.
local
low complexity
google CWE-264
7.8
2016-07-11 CVE-2015-8888 Numeric Errors vulnerability in Google Android
Integer overflow in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to bypass intended access restrictions via a crafted block count and block size of a sparse header, aka Android internal bug 28822465 and Qualcomm internal bug CR813933.
local
low complexity
google CWE-189
7.8
2016-07-11 CVE-2014-9803 Data Processing Errors vulnerability in multiple products
arch/arm64/include/asm/pgtable.h in the Linux kernel before 3.15-rc5-next-20140519, as used in Android before 2016-07-05 on Nexus 5X and 6P devices, mishandles execute-only pages, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28557020.
local
low complexity
linux google CWE-19
7.8
2016-07-11 CVE-2014-9802 Permissions, Privileges, and Access Controls vulnerability in Google Android
Multiple integer overflows in lib/libfdt/fdt.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28821965 and Qualcomm internal bug CR705108.
local
low complexity
google CWE-264
7.8
2016-07-11 CVE-2014-9801 Numeric Errors vulnerability in Google Android
Multiple integer overflows in lib/libfdt/fdt_rw.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28822060 and Qualcomm internal bug CR705078.
local
low complexity
google CWE-189
7.8
2016-07-11 CVE-2014-9800 Numeric Errors vulnerability in Google Android
Integer overflow in lib/heap/heap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28822150 and Qualcomm internal bug CR692478.
local
low complexity
google CWE-189
7.8