CVE-2016-5346

Current Description

An Information Disclosure vulnerability exists in the Google Pixel/Pixel SL Qualcomm Avtimer Driver due to a NULL pointer dereference when processing an accept system call by the user process on AF_MSM_IPC sockets, which could let a local malicious user obtain sensitive information (Android Bug ID A-32551280).

Basic Data

Published: January 08, 2020
Last Modified: January 12, 2020
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-200
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS 2 - Access Vector: LOCAL
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 2.1
Severity: LOW
Exploitability Score: 3.9
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • AND
    • OR - Configuration 1
      Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
      2.3 | OS | Google | Android | * | * | * | * | * | * | * | * | 7.0
    • OR Running on/with:
      Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
      2.3 | Hardware | Google | Pixel | - | * | * | * | * | * | * | *
      2.3 | Hardware | Google | Pixel Xl | - | * | * | * | * | * | * | *
  • OR - Configuration 2
    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | OS | Google | Android | * | * | * | * | * | * | * | * | 7.0

Vulnerable Software List

Vendor | Product | Versions
Google | Android | *

References

Name | Source | URL | Tags
http://www.securityfocus.com/bid/97371 | http://www.securityfocus.com/bid/97371 | MISC | Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1038201 | http://www.securitytracker.com/id/1038201 | MISC | Third Party Advisory, VDB Entry
https://github.com/ele7enxxh/poc-exp/tree/master/CVE-2016-5346 | https://github.com/ele7enxxh/poc-exp/tree/master/CVE-2016-5346 | MISC | Exploit, Third Party Advisory
https://source.android.com/security/bulletin/2017-04-01.html | https://source.android.com/security/bulletin/2017-04-01.html | MISC | Third Party Advisory
https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=6298a474322fb2182f795a622b2faa64abfd8474 | https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=6298a474322fb2182f795a622b2faa64ab | MISC | Patch, Third Party Advisory