Vulnerability Details : CVE-2016-2068
The MSM QDSP6 audio driver (aka sound driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (integer overflow, and buffer overflow or buffer over-read) via a crafted application that performs a (1) AUDIO_EFFECTS_WRITE or (2) AUDIO_EFFECTS_READ operation, aka Qualcomm internal bug CR1006609.
Vulnerability category: OverflowDenial of service
Threat overview for CVE-2016-2068
Top countries where our scanners detected CVE-2016-2068
Top open port discovered on systems with this issue
49152
IPs affected by CVE-2016-2068 18,959
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2016-2068!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2016-2068
Probability of exploitation activity in the next 30 days: 0.13%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 47 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2016-2068
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2016-2068
-
The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-2068
-
https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.18/commit/?id=2c04c0dab66013b7dfbe4d5a523c2c1d6b5b11d6
kernel/msm-3.18 - Unnamed repository; edit this file 'description' to name the repository.Mailing List;Patch;Third Party Advisory
-
https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=9900650540c889f761d102202bc80306ae80ab83
kernel/msm-3.10 - Unnamed repositoryMailing List;Patch;Third Party Advisory
-
https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=01ee86da5a0cd788f134e360e2be517ef52b6b00
kernel/msm-3.10 - Unnamed repositoryMailing List;Patch;Third Party Advisory
-
http://source.android.com/security/bulletin/2016-07-01.html
Android Security Bulletin—July 2016 | Android Open Source ProjectPatch;Vendor Advisory
Products affected by CVE-2016-2068
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:*:*:*:*:*:*:*:*