CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
48.5%
Integer signedness error in the MSM V4L2 video driver for the Linux kernel
3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for
MSM devices and other products, allows attackers to gain privileges or
cause a denial of service (array overflow and memory corruption) via a
crafted application that triggers an msm_isp_axi_create_stream call.
Author | Note |
---|---|
mdeslaur | android driver |
jdstrand | android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support |
source.android.com/security/bulletin/2016-06-01.html
launchpad.net/bugs/cve/CVE-2016-2061
nvd.nist.gov/vuln/detail/CVE-2016-2061
security-tracker.debian.org/tracker/CVE-2016-2061
us.codeaurora.org/cgit/quic/la//kernel/msm-3.18/commit/id=79db14ca9f791a14be9376a0340ad3b9b9a4d603
www.codeaurora.org/array-overflow-msm-v4l2-video-driver-allows-kernel-memory-corruption-cve-2016-2061
www.cve.org/CVERecord?id=CVE-2016-2061
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
48.5%