SB2016080807 - Improper input validation in Linux kernel
Published: August 8, 2016 Updated: August 10, 2024
Security Bulletin ID
SB2016080807
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper input validation (CVE-ID: CVE-2016-5340)
The vulnerability allows a local user to execute arbitrary code.
The is_ashmem_file function in drivers/staging/android/ashmem.c in a certain Qualcomm Innovation Center (QuIC) Android patch for the Linux kernel 3.x mishandles pointer validation within the KGSL Linux Graphics Module, which allows attackers to bypass intended access restrictions by using the /ashmem string as the dentry name.
Remediation
Install update from vendor's website.
References
- http://source.android.com/security/bulletin/2016-10-01.html
- http://www.securityfocus.com/bid/92374
- http://www.securitytracker.com/id/1036763
- https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=06e51489061e5473b4e2035c79dcf7c27a6f75a6
- https://www.codeaurora.org/invalid-path-check-ashmem-memory-file-cve-2016-5340