CVE-2016-2066

Sažetak

Integer signedness error in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application that makes an ioctl call.

Reference

http://source.android.com/security/bulletin/2016-06-01.html
http://www.securityfocus.com/bid/91046
https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.18/commit/?id=775fca8289eff931f91ff6e8c36cf2034ba59e88
https://www.codeaurora.org/multiple-vulnerabilities-msm-qdsp6-audio-driver-allow-kernel-memory-corruption-cve-2016-2064-cve

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

06-08-2020 - 18:06

Objavljeno

13-06-2016 - 01:59