Vulnerability Description
In an audio driver function in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, some parameters are from userspace, and if they are set to a large value, integer overflow is possible followed by buffer overflow. In another function, a missing check for a lower bound may result in an out of bounds memory access.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | All versions |
Related Weaknesses (CWE)
References
- http://www.securitytracker.com/id/1038623Third Party AdvisoryVDB Entry
- https://source.android.com/security/bulletin/2017-06-01PatchVendor Advisory
- https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=cbc21ceb69cb7bcaIssue TrackingPatchThird Party Advisory
- http://www.securitytracker.com/id/1038623Third Party AdvisoryVDB Entry
- https://source.android.com/security/bulletin/2017-06-01PatchVendor Advisory
- https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=cbc21ceb69cb7bcaIssue TrackingPatchThird Party Advisory
FAQ
What is CVE-2016-5864?
CVE-2016-5864 is a vulnerability with a CVSS score of 7.8 (HIGH). In an audio driver function in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, some parameters are from userspace, and if they are set to a large value, integer overflo...
How severe is CVE-2016-5864?
CVE-2016-5864 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-5864?
Check the references section above for vendor advisories and patch information. Affected products include: Google Android.