Android 4.0 through 4.3 allows attackers to bypass intended access restrictions and remove device locks via a crafted application that invokes the updateUnlockMethodAndFinish method in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 21.7%.
Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.