CVE-2016-2064

Name of the Vulnerable Software and Affected Versions Linux kernel versions 3.x

Description The issue allows attackers to cause a denial of service or possibly have other impact via a crafted application. This is achieved by making an ioctl call specifying many commands, which can lead to a buffer over-read in the MSM QDSP6 audio driver.

Recommendations For Linux kernel version 3.x, consider restricting access to the ioctl call until a patch is available. As a temporary workaround, avoid using the MSM QDSP6 audio driver with crafted applications that specify many commands. At the moment, there is no information about a newer version that contains a fix for this vulnerability.