Vulnerability Details : CVE-2016-6746
An information disclosure vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Android ID: A-30955105. References: NVIDIA N-CVE-2016-6746.
Published
2016-11-25 16:59:50
Updated
2016-11-28 20:35:07
Vulnerability category: Information leak
Exploit prediction scoring system (EPSS) score for CVE-2016-6746
Probability of exploitation activity in the next 30 days: 0.05%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 20 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2016-6746
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST |
5.5
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2016-6746
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-6746
-
https://source.android.com/security/bulletin/2016-11-01.html
Android Security Bulletin—November 2016 | Android Open Source ProjectVendor Advisory
-
http://www.securityfocus.com/bid/94209
Google Pixel C NVIDIA GPU driver CVE-2016-6746 Information Disclosure Vulnerability
Products affected by CVE-2016-6746
- cpe:2.3:o:google:android:*:*:*:*:*:*:*:*