CVE-2016-6681

Опубликовано: 10 окт. 2016

Источник: nvd

CVSS3: 5.5

CVSS2: 4.3

EPSS Низкий

Описание

drivers/misc/qcom/qdsp6v2/audio_utils.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 30152182 and Qualcomm internal bug CR 1049521.

Ссылки

http://source.android.com/security/bulletin/2016-10-01.html
Vendor Advisory
http://www.securityfocus.com/bid/93309
Third Party Advisory
VDB Entry
https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=0950fbd39ff189497f1b6115825c210e3eeaf395
Patch
Third Party Advisory
http://source.android.com/security/bulletin/2016-10-01.html
Vendor Advisory
http://www.securityfocus.com/bid/93309
Third Party Advisory
VDB Entry
https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=0950fbd39ff189497f1b6115825c210e3eeaf395
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

Версия до 7.0 (включая)

EPSS

Процентиль: 32%

0.00122

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-4jwg-2564-39gf