Published: 07/02/2016 Updated: 14/03/2016

CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 614

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

media/libmedia/SoundPool.cpp in mediaserver in Android 4.x prior to 4.4.4, 5.x prior to 5.1.1 LMY49G, and 6.x prior to 2016-02-01 mishandles locking requirements, which allows malicious users to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25781119.

Vulnerable Product	Search on Vulmon	Subscribe to Product
google android 5.0
google android 4.4.3
google android 4.4.2
google android 4.4.1
google android 4.4
google android 6.0.1
google android 6.0
google android 5.1.1
google android 4.2
google android 4.1.2
google android 4.1
google android 4.0.4
google android 5.1
google android 5.0.1
google android 4.3
google android 4.2.1
google android 4.0.3
google android 4.0.1
google android 5.1.0
google android 5.0.2
google android 4.3.1
google android 4.2.2
google android 4.0.2
google android 4.0

Google plugs Android vulns

The Register • Richard Chirgwin • 02 Feb 2016

Happy days if you own a Nexus

Five "critical," four "high" severity and one merely "moderate" bug make up the menu of Android security patches, which are now available for Nexus devices and will flow through to myriad other devices when it rains up instead of down. The critical bugs relate to Broadcom and Qualcomm WiFi drivers, Android's Mediaserver, Qualcomm's performance module, and the Android debugger daemon. Here's the advisory. One by one, the critical bugs are: There's a Minikin library bug (CVE-2016-0808) that could ...

CVE-2016-0810

Vulnerability Summary

Recent Articles

References

Vulmon Search

About

Products

Connect