CVE-2017-0563
https://notcve.org/view.php?id=CVE-2017-0563
An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32089409. • http://seclists.org/fulldisclosure/2017/May/19 http://www.securityfocus.com/bid/97342 http://www.securitytracker.com/id/1038201 https://alephsecurity.com/vulns/aleph-2017009 https://github.com/alephsecurity/PoCs/tree/master/CVE-2017-0563 https://source.android.com/security/bulletin/2017-04-01 • CWE-345: Insufficient Verification of Data Authenticity •
CVE-2017-0564
https://notcve.org/view.php?id=CVE-2017-0564
An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34276203. • https://github.com/guoygang/CVE-2017-0564-ION-PoC http://www.securityfocus.com/bid/97344 http://www.securitytracker.com/id/1038201 https://source.android.com/security/bulletin/2017-04-01 https://source.android.com/security/bulletin/2017-12-01 •
CVE-2017-0332
https://notcve.org/view.php?id=CVE-2017-0332
An elevation of privilege vulnerability in the NVIDIA crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10. Android ID: A-33812508. • http://nvidia.custhelp.com/app/answers/detail/a_id/4561 http://www.securityfocus.com/bid/97333 http://www.securitytracker.com/id/1038201 https://source.android.com/security/bulletin/2017-04-01.html • CWE-787: Out-of-bounds Write •
CVE-2017-0327
https://notcve.org/view.php?id=CVE-2017-0327
An elevation of privilege vulnerability in the NVIDIA crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10. Android ID: A-33893669. • http://nvidia.custhelp.com/app/answers/detail/a_id/4561 http://www.securityfocus.com/bid/97333 http://www.securitytracker.com/id/1038201 https://source.android.com/security/bulletin/2017-04-01.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2017-0328
https://notcve.org/view.php?id=CVE-2017-0328
An information disclosure vulnerability in the NVIDIA crypto driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10. Android ID: A-33898322. • http://www.securityfocus.com/bid/97347 http://www.securitytracker.com/id/1038201 https://source.android.com/security/bulletin/2017-04-01.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •