An information disclosure vulnerability in the kernel UVC driver could enable a local malicious application to access data outside of its permission levels. To exploit this issue it is required to compromise a privileged process first.

External References:

https://source.android.com/security/bulletin/2017-05-01#id-in-kernel-uvc-driver