Main Vulnerability Database SB2016083002

SB2016083002 - Integer overflow in Linux kernel

Published: August 30, 2016

Security Bulletin ID SB2016083002

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Integer overflow (CVE-ID: CVE-2016-5344)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Multiple integer overflows in the MDSS driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service or possibly have unspecified other impact via a large size value, related to mdss_compat_utils.c, mdss_fb.c, and mdss_rotator.c.

Remediation

Install update from vendor's website.

References

http://source.android.com/security/bulletin/2016-10-01.html
http://www.securityfocus.com/bid/92695
https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=1d2297267c24f2c44bd0ecb244ddb8bc880a29b7
https://www.codeaurora.org/integer-overflow-mdss-driver-cve-2016-5344