PT-2016-4997 · Linux+1 · Linux Kernel+1
Published: 2015-06-03 · Updated: 2020-07-31 · CVE-2016-2068
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions 3.x
Description
The issue allows attackers to gain privileges or cause a denial of service via a crafted application that performs either an AUDIO_EFFECTS_WRITE or an AUDIO_EFFECTS_READ operation. Exploitation is possible because of an integer overflow and a buffer overflow or buffer over-read in the MSM QDSP6 audio driver.
Recommendations
For Linux kernel version 3.x, consider restricting access to the AUDIO_EFFECTS_WRITE and AUDIO_EFFECTS_READ operations until a patch is available. As a temporary workaround, disabling the vulnerable MSM QDSP6 audio driver may help minimize the risk of exploitation.
Fix
DoS
Integer Overflow
Affected Products
Alt Linux
Linux Kernel