Google Nexus Qualcomm Crypto Engine Driver CVE-2017-10230 Remote Code Execution Vulnerability

Google Nexus is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the kernel.

This issue is being tracked by Android bug ID A-34389927.

Information

Bugtraq ID: 97400
Class: Input Validation Error
CVE: CVE-2016-10230

Remote: Yes
Local: No
Published: Apr 03 2017 12:00AM
Credit: The vendor reported this issue.
Vulnerable: Google Pixel XL 0
Google Pixel 0
Google Nexus 6P
Google Nexus 6
Google Nexus 5X
Google Android One 0
Google Android 0

Not Vulnerable:

References:

• Android Homepage (Google)
  
• qcrypto: protect potential integer overflow (Qualcomm)
  
• Android Security Bulletinâ??April 2017 (Android )
  

Source: www.securityfocus.com