PT-2020-7959 · Google · Android

Published: 2020-04-07 · Updated: 2020-04-07 · CVE-2016-11030

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Samsung mobile devices with Android versions 4.4 through 6.0
Description: An issue was discovered on Samsung mobile devices where the sysfs of the MAX86902 sensor driver does not prevent concurrent access, leading to a race condition and resultant heap-based buffer overflow.
Recommendations: For Android version 4.4, consider disabling the MAX86902 sensor driver to minimize the risk of exploitation. For Android version 5.0/5.1, restrict access to the sysfs of the MAX86902 sensor driver until a patch is available. For Android version 6.0 with Hrm sensor support, avoid using the Hrm sensor functionality in the MAX86902 sensor driver until the issue is resolved.

Fix

Race Condition

Memory Corruption

Weakness Enumeration

Related Identifiers: CVE-2016-11030

Affected Products: Android