A remote code execution vulnerability in the Qualcomm crypto driver in Android prior to 2016-11-05 could enable a remote malicious user to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of remote code execution in the context of the kernel. Android ID: A-30515053. References: Qualcomm QC-CR#1050970.
Vulnerabilities Discovered By Me (mostly) Google CVE Number Feature Keywords Bulletin CVE-2016-0805 perf_event_open Buffer Overflow, OOB Android bulletin 2016-02 CVE-2016-0844 msm ipa driver Array Overflow, OOB Android bulletin 2016-04 CVE-2016-3869 bcmdhd driver Array Overflow, OOB Android bulletin 2016-09 CVE-2016-3865 touchscreen driver Stack Overflow, OOB Andro
Google’s November Android Security Bulletin, released Monday, patched 15 critical vulnerabilities and addressed 85 CVEs overall. But conspicuously absent is a fix for the Linux race condition vulnerability known as Dirty Cow (Copy-on-Write) that also impacts Android.
While Google didn’t issue an official fix for the Dirty Cow vulnerability (CVE-2016-5195), it did release “supplemental” firmware updates for its Nexus and Pixel handsets. According to Michael Cherny, head of security...