CVE-2017-13209 – Android - Hardware Service Manager Arbitrary Service Replacement due to getpidcon
https://notcve.org/view.php?id=CVE-2017-13209
In the ServiceManager::add function in the hardware service manager, there is an insecure permissions check based on the PID of the caller which could allow an application or service to replace a HAL service with its own service. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. • https://www.exploit-db.com/exploits/43513 http://www.securityfocus.com/bid/102415 http://www.securitytracker.com/id/1040106 https://source.android.com/security/bulletin/2018-01-01 • CWE-862: Missing Authorization •
CVE-2017-13149
https://notcve.org/view.php?id=CVE-2017-13149
An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65719872. Existe una vulnerabilidad de divulgación de información en el framework multimedia de Android (n/a). • https://source.android.com/security/bulletin/pixel/2017-12-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-0871
https://notcve.org/view.php?id=CVE-2017-0871
An elevation of privilege vulnerability in the Android framework (framework base). Product: Android. Versions: 8.0. Android ID A-65281159. Existe una vulnerabilidad de elevación de privilegios en el framework de Android (framework base). • http://www.securityfocus.com/bid/102131 https://source.android.com/security/bulletin/2017-12-01 •
CVE-2017-0879
https://notcve.org/view.php?id=CVE-2017-0879
An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65025028. Existe una vulnerabilidad de divulgación de información en el framework multimedia de Android (n/a). • https://source.android.com/security/bulletin/pixel/2017-12-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-0870
https://notcve.org/view.php?id=CVE-2017-0870
An elevation of privilege vulnerability in the Android framework (libminikin). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-62134807. Existe una vulnerabilidad de elevación de privilegios en el framework de Android (libminikin). • http://www.securityfocus.com/bid/102131 https://source.android.com/security/bulletin/2017-12-01 •