Vulnerability Details : CVE-2016-2061
Integer signedness error in the MSM V4L2 video driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (array overflow and memory corruption) via a crafted application that triggers an msm_isp_axi_create_stream call.
Vulnerability category: Memory CorruptionDenial of service
Threat overview for CVE-2016-2061
Top countries where our scanners detected CVE-2016-2061
Top open port discovered on systems with this issue
49152
IPs affected by CVE-2016-2061 18,959
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2016-2061!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2016-2061
Probability of exploitation activity in the next 30 days: 0.13%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 47 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2016-2061
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2016-2061
-
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-2061
-
http://source.android.com/security/bulletin/2016-06-01.html
Android Security Bulletin—June 2016 | Android Open Source ProjectVendor Advisory
-
https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.18/commit/id=79db14ca9f791a14be9376a0340ad3b9b9a4d603
kernel/msm-3.18 - Unnamed repository; edit this file 'description' to name the repository.Mailing List;Third Party Advisory
Products affected by CVE-2016-2061
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*