Main Vulnerability Database Exploits ID:10376 - Exploit for Improper input validation in Linux kernel - CVE-2016-5340

ID:10376 - Exploit for Improper input validation in Linux kernel - CVE-2016-5340

Published: August 10, 2024

Vulnerability identifier: #VU95703

Vulnerability risk: Low

CVE-ID: CVE-2016-5340

CWE-ID: CWE-20

Exploitation vector: Local access

Vulnerable software:
Linux kernel

Link to public exploit:

https://cpr-zero.checkpoint.com/vulns/cprid-1022/

Vulnerability description

The vulnerability allows a local user to execute arbitrary code.

The is_ashmem_file function in drivers/staging/android/ashmem.c in a certain Qualcomm Innovation Center (QuIC) Android patch for the Linux kernel 3.x mishandles pointer validation within the KGSL Linux Graphics Module, which allows attackers to bypass intended access restrictions by using the /ashmem string as the dentry name.

Remediation

Install update from vendor's repository.

ID:10376 - Exploit for Improper input validation in Linux kernel - CVE-2016-5340

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human