The BnGraphicBufferConsumer::onTransact function in libs/gui/IGraphicBufferConsumer.cpp in mediaserver in Android 5.x prior to 5.1.1 LMY49H and 6.x prior to 2016-03-01 does not initialize a certain slot variable, which allows malicious users to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering an ATTACH_BUFFER action, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26338113.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
google android 5.1.0 |
||
google android 5.1 |
||
google android 6.0.1 |
||
google android 5.0 |
||
google android 6.0 |
||
google android 5.1.1 |
||
google android 5.0.2 |
||
google android 5.0.1 |