Vulnerability Description
drivers/gpu/msm/kgsl.c in the MSM graphics driver (aka GPU driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, mishandles the KGSL_MEMFLAGS_GPUREADONLY flag, which allows attackers to gain privileges by leveraging accidental read-write mappings, aka Qualcomm internal bug CR988993.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | <= 6.0.1 | |
| Linux | Linux Kernel | >= 3.0, <= 3.19.8 |
Related Weaknesses (CWE)
References
- http://source.android.com/security/bulletin/2016-07-01.htmlPatchVendor Advisory
- https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=410cfa95f0a1cfMailing ListPatchVendor Advisory
- https://www.codeaurora.org/privilege-escalation-vulnerability-graphics-driver-cvBroken Link
- http://source.android.com/security/bulletin/2016-07-01.htmlPatchVendor Advisory
- https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=410cfa95f0a1cfMailing ListPatchVendor Advisory
- https://www.codeaurora.org/privilege-escalation-vulnerability-graphics-driver-cvBroken Link
FAQ
What is CVE-2016-2067?
CVE-2016-2067 is a vulnerability with a CVSS score of 7.8 (HIGH). drivers/gpu/msm/kgsl.c in the MSM graphics driver (aka GPU driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, mish...
How severe is CVE-2016-2067?
CVE-2016-2067 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-2067?
Check the references section above for vendor advisories and patch information. Affected products include: Google Android, Linux Linux Kernel.