CVE-2016-0807

Name of the Vulnerable Software and Affected Versions Android 6.x versions prior to 2016-02-01

Description The issue is related to the get build id function in the elf utils.cpp file of the Debuggerd application in Android. It allows attackers to gain privileges via a crafted application that mishandles a Desc Size element in an ELF Note. The vulnerability is associated with insufficient access control to certain functions, which can be exploited by a local attacker using a specially crafted application to elevate their privileges.

Recommendations For Android 6.x versions prior to 2016-02-01, consider restricting access to the get build id function in the elf utils.cpp file of the Debuggerd application until a patch is available. As a temporary workaround, avoid using the Desc Size element in ELF Notes to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.