CVE-2016-5340

EPSS 0.03%
Published 07.08.2016 21:59:08
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

The is_ashmem_file function in drivers/staging/android/ashmem.c in a certain Qualcomm Innovation Center (QuIC) Android patch for the Linux kernel 3.x mishandles pointer validation within the KGSL Linux Graphics Module, which allows attackers to bypass intended access restrictions by using the /ashmem string as the dentry name.

Affected products Warnungen 0 Metrics 3 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Google ≫ Android Version <= 7.0

Linux ≫ Linux Kernel Version >= 3.0 <= 3.19.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.081

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securitytracker.com/id/1036763

Third Party Advisory

VDB Entry

http://source.android.com/security/bulletin/2016-10-01.html

Third Party Advisory

http://www.securityfocus.com/bid/92374

Third Party Advisory

VDB Entry

https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=06e51489061e5473b4e2035c79dcf7c27a6f75a6

Patch

Third Party Advisory

Mailing List