Published: 25/11/2016 Updated: 28/11/2016
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

A remote code execution vulnerability in the Qualcomm crypto driver in Android prior to 2016-11-05 could enable a remote malicious user to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of remote code execution in the context of the kernel. Android ID: A-30515053. References: Qualcomm QC-CR#1050970.

Affected Products

Vendor Product Versions

Vendor Advisories

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices Alongside the bulletin, we have released a security update to Google devices through an over-the-air (OTA) update The Google device firmware images have also been released to the Google Developer site Security patch levels of November 06, 2016 or ...

Github Repositories

Vulnerabilities Discovered By Me (mostly) Google CVE Number Feature Keywords Bulletin CVE-2016-0805 perf_event_open Buffer Overflow, OOB Android bulletin 2016-02 CVE-2016-0844 msm ipa driver Array Overflow, OOB Android bulletin 2016-04 CVE-2016-3869 bcmdhd driver Array Overflow, OOB Android bulletin 2016-09 CVE-2016-3865 touchscreen driver Stack Overflow, OOB Andro

Recent Articles

Google Releases Supplemental Patch for Dirty Cow Vulnerability
Threatpost • Tom Spring • 08 Nov 2016

Google’s November Android Security Bulletin, released Monday, patched 15 critical vulnerabilities and addressed 85 CVEs overall. But conspicuously absent is a fix for the Linux race condition vulnerability known as Dirty Cow (Copy-on-Write) that also impacts Android.
While Google didn’t issue an official fix for the Dirty Cow vulnerability (CVE-2016-5195), it did release “supplemental” firmware updates for its Nexus and Pixel handsets. According to Michael Cherny, head of security...