PT-2017-1223 · Google+2 · Android+2

Peter Pi

Publicado

2017-01-11

Atualizado

2018-09-06

CVE-2016-8405

CVSS v3.1

4.7

Média

Vetor

AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Android versions Kernel-3.10 through Kernel-3.18

Description The issue is related to a lack of protection for internal data in kernel components, including the ION subsystem, Binder, USB driver, and networking subsystem. This could allow a local malicious application to access data outside of its permission levels. The exploitation of this issue requires a privileged process to be compromised first. It is estimated as a moderate issue.

Recommendations For Android versions Kernel-3.10 through Kernel-3.18, update to a version that includes the fix for this issue to prevent potential data access outside of permission levels. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

BDU:2017-00336

CVE-2016-8405

DLA-833-1

DSA-3791-1

SUSE-SU-2018:2332-1

SUSE-SU-2018:2366-1

SUSE-SU-2018:2637-1

SUSE-SU-2018_2332-1

SUSE-SU-2018_2366-1

USN-3361-1

USN-3381-1

USN-3381-2

Produtos afetados

Android

Suse

Ubuntu

PT-2017-1223 · Google+2 · Android+2

CVE-2016-8405

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 117