PT-2018-4651 · Google+1 · Android+1

Publicado

2018-04-18

Atualizado

2018-05-01

CVE-2016-10406

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Android versions prior to 2018-04-05 security patch level

Description The issue concerns the printing of debug messages in certain Qualcomm Snapdragon Mobile processors. Specifically, when the wlan qmi err cb function is called, it prints the real kernel address of a pointer, regardless of the kptr restrict system settings. This could potentially expose sensitive information.

Recommendations For Android versions prior to 2018-04-05 security patch level, update to a version with a security patch level of 2018-04-05 or later to resolve the issue.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2016-10406

Produtos afetados

Android

Qualcomm Snapdragon Mobile

PT-2018-4651 · Google+1 · Android+1

CVE-2016-10406

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3