CVE-2016-2416

Name of the Vulnerable Software and Affected Versions Android versions 4.x through 4.4.4 Android versions 5.0.x through 5.0.2 Android versions 5.1.x through 5.1.1 Android versions 6.x before 2016-04-01

Description The issue allows attackers to obtain sensitive information and bypass an unspecified protection mechanism via a dump request. This can be demonstrated by obtaining Signature or SignatureOrSystem access. The vulnerability is related to the lack of permission check for android.permission.DUMP in the libs/gui/BufferQueueConsumer.cpp component of the mediaserver in Android.

Recommendations For Android versions 4.x through 4.4.4, update to version 4.4.4 or later. For Android versions 5.0.x through 5.0.2, update to version 5.0.2 or later. For Android versions 5.1.x through 5.1.1, update to version 5.1.1 or later. For Android versions 6.x before 2016-04-01, update to a version released after 2016-04-01.