Main Vulnerability Database Vulnerabilities #VU40352

Permissions, Privileges, and Access Controls in Google Android - CVE-2016-2419

Published: April 18, 2016 / Updated: August 9, 2020

Vulnerability identifier: #VU40352

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2016-2419

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

media/libmedia/IDrm.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize a certain key-request data structure, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26323455.

How to mitigate CVE-2016-2419

Install update from vendor's website.

Permissions, Privileges, and Access Controls in Google Android - CVE-2016-2419

Detailed vulnerability description

How to mitigate CVE-2016-2419

Sources

Please verify you're human