PT-2017-1223 · Google+2 · Android+2

Peter Pi

Published

2017-01-11

Updated

2018-09-06

CVE-2016-8405

CVSS v3.1

4.7

Medium

Vector

AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Android versions Kernel-3.10 through Kernel-3.18

Description The issue is related to a lack of protection for internal data in kernel components, including the ION subsystem, Binder, USB driver, and networking subsystem. This could allow a local malicious application to access data outside of its permission levels. The exploitation of this issue requires a privileged process to be compromised first. It is estimated as a moderate issue.

Recommendations For Android versions Kernel-3.10 through Kernel-3.18, update to a version that includes the fix for this issue to prevent potential data access outside of permission levels. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

BDU:2017-00336

CVE-2016-8405

DLA-833-1

DSA-3791-1

SUSE-SU-2018:2332-1

SUSE-SU-2018:2366-1

SUSE-SU-2018:2637-1

SUSE-SU-2018_2332-1

SUSE-SU-2018_2366-1

USN-3361-1

USN-3381-1

USN-3381-2

Affected Products

Android

Suse

Ubuntu

PT-2017-1223 · Google+2 · Android+2

CVE-2016-8405

Weakness Enumeration

Related Identifiers

Affected Products

References · 117