Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Google Android Operating System < 5.1.0 Multiple Vulnerabilities

Critical

Synopsis

The remote device is affected by multiple vulnerabilities.

Description

The Google Android operating system prior to 5.1.0 is affected by the following vulnerabilities

- An overflow condition in the 'print_option()' function of the DHCP client daemon 'dhcp.c' is triggered when handling DHCP options. With a specially crafted ACK packet response, a context-dependent attacker can execute arbitrary code. (CVE-2014-7913) - There is an integer overflow conditions in the 'GraphicBuffer::unflatten()' function in 'platform/frameworks/native/libs/ui/GraphicBuffer.cpp' related to a large number of file descriptors or integer values. This may allow a malicious application to corrupt memory, causing a crash or potentially executing code with escalated privileges. (CVE-2015-1474) - There is an integer overflow condition in the 'BnAudioPolicyService::onTransact()' function in 'IAudioPolicyService.cpp'. The issue is triggered as user-supplied input is not properly validated when handling a bound array size. This may allow a local attacker to cause a buffer overflow, resulting in a denial of service or potentially execution of arbitrary code. (CVE-2015-1530)

Solution

Upgrade to Google Android operating system version 5.1.0 or later.