CVE-2016-2480

The mm-video-v4l2 vidc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate certain OMX parameter data structures, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27532721.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
google_androidCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
VendorProductVersion
googleandroid
4.0
googleandroid
4.0.1
googleandroid
4.0.2
googleandroid
4.0.3
googleandroid
4.0.4
googleandroid
4.1
googleandroid
4.1.1
googleandroid
4.1.2
googleandroid
4.2
googleandroid
4.2.1
googleandroid
4.2.2
googleandroid
4.3
googleandroid
4.3.1
googleandroid
5.0
googleandroid
5.0.1
googleandroid
5.1
googleandroid
6.0
googleandroid
6.0.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
android
bionic
dne
artful
dne
zesty
ignored
yakkety
ignored
xenial
ignored
wily
ignored
trusty
dne
precise
dne
Common Weakness Enumeration
References
http://source.android.com/security/bulletin/2016-06-01.html
https://android.googlesource.com/platform/hardware/qcom/media/+/560ccdb509a7b86186fac0fce1b25bd9a3e6a6e8
http://source.android.com/security/bulletin/2016-06-01.html
https://android.googlesource.com/platform/hardware/qcom/media/+/560ccdb509a7b86186fac0fce1b25bd9a3e6a6e8