Vulnerability Description
Multiple integer overflows in the MDSS driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service or possibly have unspecified other impact via a large size value, related to mdss_compat_utils.c, mdss_fb.c, and mdss_rotator.c.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | <= 7.0 | |
| Linux | Linux Kernel | >= 3.0, <= 3.19.8 |
Related Weaknesses (CWE)
References
- http://source.android.com/security/bulletin/2016-10-01.htmlPatchThird Party Advisory
- http://www.securityfocus.com/bid/92695Third Party AdvisoryVDB Entry
- https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=1d2297267c24f2cMailing ListPatchThird Party Advisory
- https://www.codeaurora.org/integer-overflow-mdss-driver-cve-2016-5344Broken Link
- http://source.android.com/security/bulletin/2016-10-01.htmlPatchThird Party Advisory
- http://www.securityfocus.com/bid/92695Third Party AdvisoryVDB Entry
- https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=1d2297267c24f2cMailing ListPatchThird Party Advisory
- https://www.codeaurora.org/integer-overflow-mdss-driver-cve-2016-5344Broken Link
FAQ
What is CVE-2016-5344?
CVE-2016-5344 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Multiple integer overflows in the MDSS driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause ...
How severe is CVE-2016-5344?
CVE-2016-5344 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-5344?
Check the references section above for vendor advisories and patch information. Affected products include: Google Android, Linux Linux Kernel.