PT-2017-1224 · Google+4 · Android+4

Publicado

2016-12-29

·

Atualizado

2024-04-02

·

CVE-2016-8399

CVSS v2.0

7.6

Alta

VetorAV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Android versions Kernel-3.10 through Kernel-3.18
Description An elevation of privilege issue in the kernel networking subsystem could allow a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code.
Recommendations For versions Kernel-3.10 through Kernel-3.18, consider restricting access to the kernel networking subsystem until a patch is available. As a temporary workaround, consider disabling any functionality that relies on the vulnerable kernel networking subsystem to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284

Identificadores relacionados

BDU:2017-00337
CESA-2017_0817
CESA-2017_2930
CVE-2016-8399
DLA-772-1
MGASA-2016-0429
MGASA-2017-0003
MGASA-2017-0004
RHSA-2017:0817
RHSA-2017:0869
RHSA-2017:2930
RHSA-2017:2931
RHSA-2017_0817
RHSA-2017_2930
RHSA-2017_2931
SUSE-SU-2017:0333-1
SUSE-SU-2017:0407-1
SUSE-SU-2017:0437-1
SUSE-SU-2017:0464-1
SUSE-SU-2017:0471-1
SUSE-SU-2017:0494-1
SUSE-SU-2017:1102-1
USN-3189-1
USN-3189-2
USN-3190-1
USN-3190-2

Produtos afetados

Android
Centos
Red Hat
Suse
Ubuntu