7.8

CVE-2016-5340

The is_ashmem_file function in drivers/staging/android/ashmem.c in a certain Qualcomm Innovation Center (QuIC) Android patch for the Linux kernel 3.x mishandles pointer validation within the KGSL Linux Graphics Module, which allows attackers to bypass intended access restrictions by using the /ashmem string as the dentry name.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleAndroid Version <= 7.0
LinuxLinux Kernel Version >= 3.0 <= 3.19.8
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.3% 0.218
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securitytracker.com/id/1036763
Third Party Advisory
VDB Entry
http://source.android.com/security/bulletin/2016-10-01.html
Third Party Advisory
http://www.securityfocus.com/bid/92374
Third Party Advisory
VDB Entry
https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=06e51489061e5473b4e2035c79dcf7c27a6f75a6
Patch
Third Party Advisory
Mailing List
https://www.codeaurora.org/invalid-path-check-ashmem-memory-file-cve-2016-5340
Broken Link