media/libmedia/IDrm.cpp in mediaserver in Android 6.x prior to 2016-04-01 does not initialize a certain key-request data structure, which allows malicious users to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26323455.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
google android 6.0 |
||
google android 6.0.1 |