Total vulnerabilities in the database
The BnGraphicBufferConsumer::onTransact function in libs/gui/IGraphicBufferConsumer.cpp in mediaserver in Android 5.x before 5.1.1 LMY49H and 6.x before 2016-03-01 does not initialize a certain slot variable, which allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering an ATTACH_BUFFER action, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26338113.
Software | From | Fixed in |
---|---|---|
google / android | 5.1.0 | 5.1.0.x |
google / android | 5.0.2 | 5.0.2.x |
google / android | 6.0.1 | 6.0.1.x |
google / android | 6.0 | 6.0.x |
google / android | 5.0.1 | 5.0.1.x |
google / android | 5.0 | 5.0.x |
google / android | 5.1.1 | 5.1.1.x |
google / android | 5.1 | 5.1.x |