An elevation of privilege vulnerability in the kernel could enable a local malicious application to execute arbitrary code in the kernel.
This is a summary of the mitigations provided by the Android security platform and service protections such as Safety Net.
These capabilities reduce the likelihood that security vulnerabilities could be successfully exploited on Android.
To protect users who install applications from outside of Google Play, Verify Apps is enabled by default and will warn users about known rooting applications.
Verify Apps attempts to identify and block installation of known malicious applications that exploit a privilege escalation vulnerability.
The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are disabled for development purposes or if successfully bypassed.
We have had no reports of active customer exploitation of these newly reported issues.Refer to the Mitigations section for details on the Android security platform protections and service protections such as Safety Net, which improve the security of the Android platform.We encourage all customers to accept these updates to their devices.Therefore, please ensure that NEXUS always has your current contact information on file.We have released a security update to Nexus devices through an over-the-air (OTA) update as part of our Android Security Bulletin Monthly Release process.There is a description of the issue, a severity rationale, and a table with the CVE, associated bug, severity, updated versions, and date reported.