CVE-2016-2068 — HIGH (7.8) — White Hats Nepal

Q: How severe is CVE-2016-2068?

CVE-2016-2068 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-2068?

Check the references section above for vendor advisories and patch information. Affected products include: Google Android, Linux Linux Kernel.

Vulnerability Description

The MSM QDSP6 audio driver (aka sound driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (integer overflow, and buffer overflow or buffer over-read) via a crafted application that performs a (1) AUDIO_EFFECTS_WRITE or (2) AUDIO_EFFECTS_READ operation, aka Qualcomm internal bug CR1006609.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Google	Android	<= 6.0.1
Linux	Linux Kernel	>= 3.0, <= 3.19.8

Related Weaknesses (CWE)

CWE-190

References

http://source.android.com/security/bulletin/2016-07-01.htmlPatchVendor Advisory
https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=01ee86da5a0cd78Mailing ListPatchThird Party Advisory
https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=9900650540c889Mailing ListPatchThird Party Advisory
https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.18/commit/?id=2c04c0dab66013Mailing ListPatchThird Party Advisory
https://www.codeaurora.org/multiple-vulnerabilities-msm-qdsp6-audio-driver-allowBroken Link
http://source.android.com/security/bulletin/2016-07-01.htmlPatchVendor Advisory
https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=01ee86da5a0cd78Mailing ListPatchThird Party Advisory
https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=9900650540c889Mailing ListPatchThird Party Advisory
https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.18/commit/?id=2c04c0dab66013Mailing ListPatchThird Party Advisory
https://www.codeaurora.org/multiple-vulnerabilities-msm-qdsp6-audio-driver-allowBroken Link

FAQ

What is CVE-2016-2068?

CVE-2016-2068 is a vulnerability with a CVSS score of 7.8 (HIGH). The MSM QDSP6 audio driver (aka sound driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain ...

How severe is CVE-2016-2068?

CVE-2016-2068 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-2068?

Check the references section above for vendor advisories and patch information. Affected products include: Google Android, Linux Linux Kernel.