CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-0504
https://notcve.org/view.php?id=CVE-2017-0504
An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-30074628. • http://www.securityfocus.com/bid/96726 http://www.securitytracker.com/id/1037968 https://source.android.com/security/bulletin/2017-03-01 https://source.android.com/security/bulletin/2017-03-01.html •
CVSS: 5.5EPSS: 0%CPEs: 28EXPL: 0CVE-2017-0489
https://notcve.org/view.php?id=CVE-2017-0489
An elevation of privilege vulnerability in Location Manager could enable a local malicious application to bypass operating system protections for location data. This issue is rated as Moderate because it could be used to generate inaccurate data. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33091107. • http://www.securityfocus.com/bid/96792 http://www.securitytracker.com/id/1037968 https://source.android.com/security/bulletin/2017-03-01 https://source.android.com/security/bulletin/2017-03-01.html •
CVSS: 9.3EPSS: 0%CPEs: 28EXPL: 0CVE-2017-0479
https://notcve.org/view.php?id=CVE-2017-0479
An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32707507. • http://www.securityfocus.com/bid/96958 http://www.securitytracker.com/id/1037968 https://source.android.com/security/bulletin/2017-03-01 https://source.android.com/security/bulletin/2017-03-01.html •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2016-10200 – kernel: l2tp: Race condition in the L2TPv3 IP encapsulation feature
https://notcve.org/view.php?id=CVE-2016-10200
Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c. Condición de carrera en la característica L2TPv3 IP Encapsulation en el kernel de Linux en versiones anteriores a 4.8.14 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (uso después de liberación) realizando múltiples llamadas al sistema enlazadas sin comprobar adecuadamente si un socket tiene el estatus SOCK_ZAPPED, relacionado con net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c. A use-after-free flaw was found in the Linux kernel which enables a race condition in the L2TPv3 IP Encapsulation feature. A local user could use this flaw to escalate their privileges or crash the system. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=32c231164b762dddefa13af5a0101032c70b50ef http://source.android.com/security/bulletin/2017-03-01.html http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.14 http://www.securityfocus.com/bid/101783 http://www.securitytracker.com/id/1037965 http://www.securitytracker.com/id/1037968 https://access.redhat.com/errata/RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:2077 https://access.redhat.com&#x • CWE-264: Permissions, Privileges, and Access Controls CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2017-0421
https://notcve.org/view.php?id=CVE-2017-0421
An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32555637. • http://www.securityfocus.com/bid/96096 http://www.securitytracker.com/id/1037798 https://source.android.com/security/bulletin/2017-02-01.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •