The Android Open Source Project

99 exploits Active since May 2014
CVE-2016-8430 GITHUB HIGH c WORKING POC
Android Kernel 3.10 - Privilege Escalation
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32225180. References: N-CVE-2016-8430.
8 stars
CVSS 7.8
CVE-2016-8428 GITHUB HIGH c WORKING POC
Android Kernel 3.10 - Privilege Escalation
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31993456. References: N-CVE-2016-8428.
8 stars
CVSS 7.8
CVE-2016-8427 GITHUB HIGH c WORKING POC
Android Kernel 3.10 - Privilege Escalation
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31799885. References: N-CVE-2016-8427.
8 stars
CVSS 7.8
CVE-2016-8429 GITHUB HIGH c WORKING POC
Android Kernel 3.10 - Privilege Escalation
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32160775. References: N-CVE-2016-8429.
8 stars
CVSS 7.8
CVE-2016-8425 GITHUB HIGH c WORKING POC
Android Kernel 3.10 - Privilege Escalation
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31797770. References: N-CVE-2016-8425.
8 stars
CVSS 7.8
CVE-2016-6736 GITHUB HIGH c WORKING POC
Google Android < 7.0 - Access Control
An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30953284. References: NVIDIA N-CVE-2016-6736.
8 stars
CVSS 7.8
CVE-2016-6731 GITHUB HIGH c WORKING POC
Google Android < 7.0 - Access Control
An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30906023. References: NVIDIA N-CVE-2016-6731.
8 stars
CVSS 7.3
CVE-2016-6732 GITHUB HIGH c WORKING POC
Google Android < 7.0 - Access Control
An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30906599. References: NVIDIA N-CVE-2016-6732.
8 stars
CVSS 7.3
CVE-2016-3818 GITHUB MEDIUM c WORKING POC
Android <4.4.4 - DoS
libc in Android 4.x before 4.4.4 allows remote attackers to cause a denial of service (device hang or reboot) via a crafted file, aka internal bug 28740702.
8 stars
CVSS 5.5
CVE-2016-6730 GITHUB HIGH c WORKING POC
Google Android < 7.0 - Access Control
An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30904789. References: NVIDIA N-CVE-2016-6730.
8 stars
CVSS 7.3
CVE-2016-6735 GITHUB HIGH c WORKING POC
Google Android < 7.0 - Access Control
An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30907701. References: NVIDIA N-CVE-2016-6735.
8 stars
CVSS 7.8
CVE-2016-6733 GITHUB HIGH c WORKING POC
Google Android < 7.0 - Access Control
An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30906694. References: NVIDIA N-CVE-2016-6733.
8 stars
CVSS 7.3
CVE-2014-3145 GITHUB c WORKING POC
Linux Kernel < 3.14.3 - Out-of-Bounds Read
The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced.
8 stars
CVE-2012-6702 GITHUB MEDIUM c WORKING POC
Libexpat < 2.2.0 - Cryptographic Issue
Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.
8 stars
CVSS 5.9
CVE-2016-2412 GITHUB HIGH c WORKING POC
Google Android - Access Control
include/core/SkPostConfig.h in Skia, as used in System_server in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01, mishandles certain crashes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26593930.
8 stars
CVSS 7.8
CVE-2016-10229 GITHUB CRITICAL c WORKING POC
Linux kernel <4.5 - RCE
udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag.
8 stars
CVSS 9.8
CVE-2015-1805 GITHUB c WORKING POC
Google Android < 3.15.10 - Denial of Service
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun."
8 stars
CVE-2016-2109 GITHUB HIGH c WORKING POC
OpenSSL < 1.0.1s - Resource Management Error
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.
8 stars
CVSS 7.5
CVE-2016-2419 GITHUB CRITICAL c WORKING POC
Google Android - Access Control
media/libmedia/IDrm.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize a certain key-request data structure, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26323455.
8 stars
CVSS 9.8
CVE-2016-2460 GITHUB MEDIUM c WORKING POC
Google Android - Information Disclosure
mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, related to IGraphicBufferConsumer.cpp and IGraphicBufferProducer.cpp, aka internal bug 27555981.
8 stars
CVSS 5.5
CVE-2016-3747 GITHUB HIGH c WORKING POC
Android <4.4.4, <5.0.2, <5.1.1, <2016-07-01 - Privilege Escalation
Use-after-free vulnerability in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27903498.
8 stars
CVSS 7.8
CVE-2016-2471 GITHUB HIGH c WORKING POC
Qualcomm Wi-Fi - Privilege Escalation
The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27773913.
8 stars
CVSS 7.8
CVE-2014-9803 GITHUB HIGH c WORKING POC
Linux kernel <3.15-rc5-next-20140519 - Privilege Escalation
arch/arm64/include/asm/pgtable.h in the Linux kernel before 3.15-rc5-next-20140519, as used in Android before 2016-07-05 on Nexus 5X and 6P devices, mishandles execute-only pages, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28557020.
8 stars
CVSS 7.8
CVE-2016-6734 GITHUB HIGH c WORKING POC
Google Android < 7.0 - Access Control
An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30907120. References: NVIDIA N-CVE-2016-6734.
8 stars
CVSS 7.8
CVE-2016-8431 GITHUB HIGH c WORKING POC
Android Kernel 3.18 - Privilege Escalation
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32402179. References: N-CVE-2016-8431.
8 stars
CVSS 7.8