Main Vulnerability Database Vulnerabilities #VU38983

Improper access control in Google Android - CVE-2016-10237

Published: May 16, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU38983

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2016-10237

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

If shared content protection memory were passed as the secure camera memory buffer by the HLOS to a trusted application (TA) in all Android releases from CAF using the Linux kernel, the TA would not detect an issue and it would be treated as secure memory.

How to mitigate CVE-2016-10237

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/97334
http://www.securitytracker.com/id/1038201
https://source.android.com/security/bulletin/2017-04-01

Improper access control in Google Android - CVE-2016-10237

Detailed vulnerability description

How to mitigate CVE-2016-10237

Sources

Please verify you're human