Google · Android · CVE-2016-0849
**Name of the Vulnerable Software and Affected Versions**
Android versions 5.0.x through 5.0.1
Android versions 5.1.x through 5.1.0
Android versions 6.x before 2016-04-01
**Description**
The issue is caused by multiple integer overflows in minzip/SysUtil.c, part of the Recovery Procedure in the Android operating system. A local attacker can exploit it through a specially crafted application to gain privileges. Successful exploitation can result in Signature or SignatureOrSystem access.
**Recommendations**
For Android versions 5.0.x through 5.0.1, update to version 5.0.2 or later.
For Android versions 5.1.x through 5.1.0, update to version 5.1.1 or later.
For Android versions 6.x before 2016-04-01, apply the patch available as of 2016-04-01 or later.