CVE-2016-2059 — HIGH (7.0) — White Hats Nepal

Q: How severe is CVE-2016-2059?

CVE-2016-2059 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-2059?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Google Android.

Vulnerability Description

The msm_ipc_router_bind_control_port function in net/ipc_router/ipc_router_core.c in the IPC router kernel module for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify that a port is a client port, which allows attackers to gain privileges or cause a denial of service (race condition and list corruption) by making many BIND_CONTROL_PORT ioctl calls.

CVSS Score

7.0

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	>= 3.0, <= 3.19.8
Google	Android	<= 7.0

Related Weaknesses (CWE)

CWE-269

References

http://source.android.com/security/bulletin/2016-10-01.htmlPatchThird Party Advisory
http://www.securityfocus.com/bid/90230Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1035765Third Party AdvisoryVDB Entry
https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.18/commit/?id=9e8bdd63f7011dMailing ListPatchThird Party Advisory
https://www.codeaurora.org/projects/security-advisories/linux-ipc-router-bindingBroken Link
http://source.android.com/security/bulletin/2016-10-01.htmlPatchThird Party Advisory
http://www.securityfocus.com/bid/90230Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1035765Third Party AdvisoryVDB Entry
https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.18/commit/?id=9e8bdd63f7011dMailing ListPatchThird Party Advisory
https://www.codeaurora.org/projects/security-advisories/linux-ipc-router-bindingBroken Link

FAQ

What is CVE-2016-2059?

CVE-2016-2059 is a vulnerability with a CVSS score of 7.0 (HIGH). The msm_ipc_router_bind_control_port function in net/ipc_router/ipc_router_core.c in the IPC router kernel module for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contrib...

How severe is CVE-2016-2059?

CVE-2016-2059 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-2059?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Google Android.