CVE-2016-3757

Name of the Vulnerable Software and Affected Versions Android versions 4.x through 4.4.4 Android versions 5.0.x through 5.0.2 Android versions 5.1.x through 5.1.1 Android versions 6.x before 2016-07-01

Description The issue allows user-assisted attackers to gain privileges via a crafted application that attempts to list a long name of a memory-mapped file. This is due to insufficient input validation in the print maps function. A local attacker can exploit this issue by using a specially crafted file with a long name in the device's memory.

Recommendations For Android versions 4.x through 4.4.4, update to version 4.4.4 or later. For Android versions 5.0.x through 5.0.2, update to version 5.0.2 or later. For Android versions 5.1.x through 5.1.1, update to version 5.1.1 or later. For Android versions 6.x before 2016-07-01, update to a version released after 2016-07-01. As a temporary workaround, consider restricting access to the print maps function in toolbox/lsof.c to minimize the risk of exploitation.