Vulnerability Description
The is_ashmem_file function in drivers/staging/android/ashmem.c in a certain Qualcomm Innovation Center (QuIC) Android patch for the Linux kernel 3.x mishandles pointer validation within the KGSL Linux Graphics Module, which allows attackers to bypass intended access restrictions by using the /ashmem string as the dentry name.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | <= 7.0 | |
| Linux | Linux Kernel | >= 3.0, <= 3.19.8 |
Related Weaknesses (CWE)
References
- http://source.android.com/security/bulletin/2016-10-01.htmlThird Party Advisory
- http://www.securityfocus.com/bid/92374Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1036763Third Party AdvisoryVDB Entry
- https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=06e51489061e547Mailing ListPatchThird Party Advisory
- https://www.codeaurora.org/invalid-path-check-ashmem-memory-file-cve-2016-5340Broken Link
- http://source.android.com/security/bulletin/2016-10-01.htmlThird Party Advisory
- http://www.securityfocus.com/bid/92374Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1036763Third Party AdvisoryVDB Entry
- https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=06e51489061e547Mailing ListPatchThird Party Advisory
- https://www.codeaurora.org/invalid-path-check-ashmem-memory-file-cve-2016-5340Broken Link
FAQ
What is CVE-2016-5340?
CVE-2016-5340 is a vulnerability with a CVSS score of 7.8 (HIGH). The is_ashmem_file function in drivers/staging/android/ashmem.c in a certain Qualcomm Innovation Center (QuIC) Android patch for the Linux kernel 3.x mishandles pointer validation within the KGSL Linu...
How severe is CVE-2016-5340?
CVE-2016-5340 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-5340?
Check the references section above for vendor advisories and patch information. Affected products include: Google Android, Linux Linux Kernel.