Critical rating received vulnerabilities in Android Media server (CVE-2016-2428 and CVE-2016-2429), allowing to remotely execute code in the context of Mediaserver service. The list also includes the critical vulnerabilities in Qualcomm TrustZone (CVE-2016-2431 and CVE-2016-2432), Android debugger (CVE-2016-2430), Wi-Fi driver from Qualcomm (CVE-2015-0569 and CVE-2015 -0570), NVIDIA video driver (CVE-2016-2434, CVE-2016-2435, CVE-2016-2436 and CVE-2016-2437) and in the nucleus (CVE-2015-1805), allowing to elevate privileges. Vulnerabilities are also found in the kernel (CVE-2016-2438) and Bluetooth (CVE-2016-2439), which received the highest rating of danger, and allow you to remotely execute arbitrary code. But, With the help of the Qualcomm Tethering Controller (CVE-2016-2060) the vulnerability can expose. The list of the dangerous vulnerabilities were also in Binder (CVE-2016-2440), Qualcomm Buspm drivers (CVE-2016-2441 and CVE-2016-2442), MDP (CVE-2016-2443) and Wi-Fi (CVE-2015- 0571), NVIDIA video driver (CVE-2016-2444, CVE-2016-2445 and CVE-2016-2446), Mediaserver (CVE-2016-2448, CVE-2016-2449, CVE-2016-2450, CVE-2016-2451 and CVE-2016-2452) and the driver MediaTek Wi-Fi (CVE-2016-2453). With their help, the attacker can increase the privileges and the vulnerability in Qualcomm Hardware Codec (CVE-2016-2454) allows the remote denial of service. By exploiting the vulnerability in the kernel (CVE-2016-0774) the attacker Moe Zht cause a denial of service. Hence, all the problems except for the CVE-2016-2060, which affects the Nexus devices which are a line of consumer electronic devices from Google that runs the Android operating system and the remaining vulnerabilities are marked as medium risk.
Δ
