CVE-2016-3757

The print_maps function in toolbox/lsof.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows user-assisted attackers to gain privileges via a crafted application that attempts to list a long name of a memory-mapped file, aka internal bug 28175237.  NOTE: print_maps is not related to the Vic Abell lsof product.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7 HIGH
LOCAL
HIGH
LOW
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
google_androidCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
VendorProductVersion
googleandroid
4.0
googleandroid
4.0.1
googleandroid
4.0.2
googleandroid
4.0.3
googleandroid
4.0.4
googleandroid
4.1
googleandroid
4.1.2
googleandroid
4.2
googleandroid
4.2.1
googleandroid
4.2.2
googleandroid
4.3
googleandroid
4.3.1
googleandroid
4.4
googleandroid
4.4.1
googleandroid
4.4.2
googleandroid
4.4.3
googleandroid
5.0
googleandroid
5.0.1
googleandroid
5.1
googleandroid
5.1.0
googleandroid
6.0
googleandroid
6.0.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
android
bionic
dne
artful
dne
zesty
ignored
yakkety
ignored
xenial
ignored
wily
ignored
trusty
dne
precise
dne
Common Weakness Enumeration
References
http://source.android.com/security/bulletin/2016-07-01.html
https://android.googlesource.com/platform/system/core/+/ae18eb014609948a40e22192b87b10efc680daa7
http://source.android.com/security/bulletin/2016-07-01.html
https://android.googlesource.com/platform/system/core/+/ae18eb014609948a40e22192b87b10efc680daa7