CVE-2016-5864
Last modified
CVE-2016-5864 is a vulnerability of currently unknown severity. In an audio driver function in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, some parameters are from userspace, and if they are set to a large value, integer overflow is possible followed by buffer overflow. In another function, a missing check for a lower bound may result in an out of bounds memory access.. EPSS estimates a 0.64% chance of exploitation in the next 30 days.
Description
In an audio driver function in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, some parameters are from userspace, and if they are set to a large value, integer overflow is possible followed by buffer overflow. In another function, a missing check for a lower bound may result in an out of bounds memory access.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Android | All versions |
References
- http://www.securitytracker.com/id/1038623Third Party Advisory, VDB Entry
- https://source.android.com/security/bulletin/2017-06-01Patch, Vendor Advisory
- https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=cbc21ceb69cb7bca0643423a7ca982abce3ce50aIssue Tracking, Patch, Third Party Advisory
- http://www.securitytracker.com/id/1038623Third Party Advisory, VDB Entry
- https://source.android.com/security/bulletin/2017-06-01Patch, Vendor Advisory
- https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=cbc21ceb69cb7bca0643423a7ca982abce3ce50aIssue Tracking, Patch, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-5864?
How severe is CVE-2016-5864?
How do I fix CVE-2016-5864?
Are you affected by CVE-2016-5864?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST