CVE-2016-5862

When a control related to codec is issued from userspace in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, the type casting is done to the container structure instead of the codec's individual structure, resulting in a device restart after kernel crash occurs.

CVSS v3 7.0 HIGH
CVSS v2.0 7.6 HIGH

7.0^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability : 1.0 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.6^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:H/Au:N/C:C/I:C/A:C

Exploitability : 4.9 / Impact : 10.0

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/98194	Third Party Advisory VDB Entry
https://source.android.com/security/bulletin/2017-05-01	Patch Vendor Advisory
https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=4199451e83729a3add781eeafaee32994ff65b04	Issue Tracking Patch Third Party Advisory
http://www.securityfocus.com/bid/98194	Third Party Advisory VDB Entry
https://source.android.com/security/bulletin/2017-05-01	Patch Vendor Advisory
https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=4199451e83729a3add781eeafaee32994ff65b04	Issue Tracking Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:55

Type	Values Removed	Values Added
References	~~() http://www.securityfocus.com/bid/98194 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/98194 - Third Party Advisory, VDB Entry
References	~~() https://source.android.com/security/bulletin/2017-05-01 - Patch, Vendor Advisory~~	() https://source.android.com/security/bulletin/2017-05-01 - Patch, Vendor Advisory
References	~~() https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=4199451e83729a3add781eeafaee32994ff65b04 - Issue Tracking, Patch, Third Party Advisory~~	() https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=4199451e83729a3add781eeafaee32994ff65b04 - Issue Tracking, Patch, Third Party Advisory

Information

Published : 2017-08-16 15:29

Updated : 2025-04-20 01:37

NVD link : CVE-2016-5862

Mitre link : CVE-2016-5862

CVE.ORG link : CVE-2016-5862

JSON object : View

Products Affected

google

android

CWE

CWE-264

Permissions, Privileges, and Access Controls

7.0 /10