CVE-2016-5864 Information

Description

In an audio driver function in all Qualcomm products with Android for MSM Firefox OS for MSM or QRD Android some parameters are from userspace and if they are set to a large value integer overflow is possible followed by buffer overflow. In another function a missing check for a lower bound may result in an out of bounds memory access.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

http://www.securitytracker.com/id/1038623 https://source.android.com/security/bulletin/2017-06-01 https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=cbc21ceb69cb7bca0643423a7ca982abce3ce50a

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8