CVE-2016-0828

Name of the Vulnerable Software and Affected Versions Android versions prior to 5.1.1 LMY49H Android 6.x versions prior to 2016-03-01

Description The issue exists due to the lack of initialization of a certain type of variable in the BnGraphicBufferConsumer::onTransact function. This allows a remote attacker to bypass protection mechanisms or obtain confidential information by triggering an ATTACH BUFFER action.

Recommendations For Android versions prior to 5.1.1 LMY49H, update to version 5.1.1 LMY49H or later. For Android 6.x versions prior to 2016-03-01, update to a version released after 2016-03-01. As a temporary workaround, consider restricting access to the BnGraphicBufferConsumer::onTransact function until a patch is available.