The GPS component in Android before 2016-12-05 allows man-in-the-middle attackers to cause a denial of service (GPS signal-acquisition delay) via an incorrect xtra.bin or xtra2.bin file on a spoofed. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
Qualcomm
Google
Denial Of Service
Authentication Bypass
Android
NVD
CVSS 3.0
5.9
EPSS
0.4%