The technical details of security vulnerabilities impacting the Nvidia Video and an Android driver have been revealed by Zimperium, which acquired the flaws as part of an exploit acquisition program.
On Tuesday, Zimperium zLabs researchers published a blog post detailing the security flaws, two escalation of privilege bugs found within the NVIDIA Video driver and MSM Thermal driver.
The Nvidia bug, CVE-2016-2435, impacts Android 6.0 on the Nexus 9 handset. The problem arises when attackers craft an application to tamper with read/write memory values and force privilege escalation.
The second security flaw, CVE-2016-2411, involves a Qualcomm power management kernel driver, the MSM Thermal driver, in Android version 6. If an attacker crafts a malicious application, they can give themselves root access through an internal bug in the driver, leading to privilege escalation.
These bugs are well documented, known, and for the most part security updates have been issued. However, Zimperium says that making the technical details available of these so-called “N-day” flaws is important and can act as a catalyst to boost the speed of patch production and to iron out problems arriving between a patch being created and vendors distributing the update in good time.
Submitted by: Arnfried Walbrecht