Vulnerability Description
When a control related to codec is issued from userspace in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, the type casting is done to the container structure instead of the codec's individual structure, resulting in a device restart after kernel crash occurs.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | All versions |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/98194Third Party AdvisoryVDB Entry
- https://source.android.com/security/bulletin/2017-05-01PatchVendor Advisory
- https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=4199451e83729a3Issue TrackingPatchThird Party Advisory
- http://www.securityfocus.com/bid/98194Third Party AdvisoryVDB Entry
- https://source.android.com/security/bulletin/2017-05-01PatchVendor Advisory
- https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=4199451e83729a3Issue TrackingPatchThird Party Advisory
FAQ
What is CVE-2016-5862?
CVE-2016-5862 is a vulnerability with a CVSS score of 7.0 (HIGH). When a control related to codec is issued from userspace in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, the type casting is done to the container structure instead ...
How severe is CVE-2016-5862?
CVE-2016-5862 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-5862?
Check the references section above for vendor advisories and patch information. Affected products include: Google Android.