CVE-2016-2419

EUVD-2016-3501
media/libmedia/IDrm.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize a certain key-request data structure, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26323455.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
Affected Products (NVD)
VendorProductVersion
googleandroid
6.0
googleandroid
6.0.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
android
artful
dne
bionic
dne
precise
dne
trusty
dne
wily
ignored
xenial
ignored
yakkety
ignored
zesty
ignored
Common Weakness Enumeration
References
http://source.android.com/security/bulletin/2016-04-02.html
https://android.googlesource.com/platform/frameworks/av/+/5a856f2092f7086aa0fea9ae06b9255befcdcd34
http://source.android.com/security/bulletin/2016-04-02.html
https://android.googlesource.com/platform/frameworks/av/+/5a856f2092f7086aa0fea9ae06b9255befcdcd34