Vulnerability Details : CVE-2016-5867
In a sound driver in Android for MSM, Firefox OS for MSM, QRD Android, some variables are from userspace and values can be chosen that could result in stack overflow.
Products affected by CVE-2016-5867
- cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-5867
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 17 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-5867
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.6
|
HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C |
4.9
|
10.0
|
NIST | |
|
7.0
|
HIGH | CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.0
|
5.9
|
NIST |
CWE ids for CVE-2016-5867
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-5867
-
https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=065360da7147003aed8f59782b7652d565f56be5
kernel/msm-3.18 - Unnamed repository; edit this file 'description' to name the repository.Issue Tracking;Patch;Third Party Advisory
-
http://www.securityfocus.com/bid/98170
Google Android Qualcomm Sound Driver CVE-2016-5867 Privilege Escalation VulnerabilityThird Party Advisory;VDB Entry
-
https://source.android.com/security/bulletin/2017-05-01
Android Security Bulletin—May 2017 | Android Open Source ProjectPatch;Vendor Advisory
Jump to