Vulnerability Description
The msm_ipc_router_close function in net/ipc_router/ipc_router_socket.c in the ipc_router component for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact by triggering failure of an accept system call for an AF_MSM_IPC socket.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 3.0.0, <= 3.19.8 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/97414Third Party AdvisoryVDB Entry
- https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=71fe5361cbef34PatchThird Party Advisory
- https://www.codeaurora.org/null-pointer-dereference-when-processing-accept-systeBroken Link
- http://www.securityfocus.com/bid/97414Third Party AdvisoryVDB Entry
- https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=71fe5361cbef34PatchThird Party Advisory
- https://www.codeaurora.org/null-pointer-dereference-when-processing-accept-systeBroken Link
FAQ
What is CVE-2016-5870?
CVE-2016-5870 is a vulnerability with a CVSS score of 7.8 (HIGH). The msm_ipc_router_close function in net/ipc_router/ipc_router_socket.c in the ipc_router component for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM...
How severe is CVE-2016-5870?
CVE-2016-5870 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-5870?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.