CVE-2016-5346

Опубликовано: 08 янв. 2020

Источник: nvd

CVSS3: 5.5

CVSS2: 2.1

EPSS Низкий

Описание

An Information Disclosure vulnerability exists in the Google Pixel/Pixel SL Qualcomm Avtimer Driver due to a NULL pointer dereference when processing an accept system call by the user process on AF_MSM_IPC sockets, which could let a local malicious user obtain sensitive information (Android Bug ID A-32551280).

Ссылки

http://www.securityfocus.com/bid/97371
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038201
Third Party Advisory
VDB Entry
https://github.com/ele7enxxh/poc-exp/tree/master/CVE-2016-5346
Exploit
Third Party Advisory
https://source.android.com/security/bulletin/2017-04-01.html
Third Party Advisory
https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=6298a474322fb2182f795a622b2faa64abfd8474
Patch
Third Party Advisory
http://www.securityfocus.com/bid/97371
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038201
Third Party Advisory
VDB Entry
https://github.com/ele7enxxh/poc-exp/tree/master/CVE-2016-5346
Exploit
Third Party Advisory
https://source.android.com/security/bulletin/2017-04-01.html
Third Party Advisory
https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=6298a474322fb2182f795a622b2faa64abfd8474
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

Версия до 7.0 (исключая)

Одно из

cpe:2.3:h:google:pixel:-:*:*:*:*:*:*:*

cpe:2.3:h:google:pixel_xl:-:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

Версия до 7.0 (исключая)

EPSS

Процентиль: 29%

0.00105

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-5f4q-fmwx-64m4

github

больше 3 лет назад

BDU:2020-04523