CVE-2016-6684 — MEDIUM (5.5)

Vulnerability Description

The kernel in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Nexus Player, and Android One devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30148243.

CVSS Score

5.5

MEDIUM

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Google	Android	7.0
Google	Android One	-
Google	Nexus 5	-
Google	Nexus 5X	-
Google	Nexus 6	-
Google	Nexus 6P	-
Google	Nexus 9	-
Google	Nexus Player	-

Related Weaknesses (CWE)

CWE-200

References

http://source.android.com/security/bulletin/2016-10-01.htmlVendor Advisory
http://www.securityfocus.com/bid/93326Third Party AdvisoryVDB Entry
http://source.android.com/security/bulletin/2016-10-01.htmlVendor Advisory
http://www.securityfocus.com/bid/93326Third Party AdvisoryVDB Entry

FAQ

What is CVE-2016-6684?

CVE-2016-6684 is a vulnerability with a CVSS score of 5.5 (MEDIUM). The kernel in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Nexus Player, and Android One devices allows attackers to obtain sensitive information via a crafted applicati...

How severe is CVE-2016-6684?

CVE-2016-6684 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-6684?

Check the references section above for vendor advisories and patch information. Affected products include: Google Android, Google Android One, Google Nexus 5, Google Nexus 5X, Google Nexus 6.