CVE-2016-6746
Vulnerability from cvelistv5
Published
2016-11-25 16:00
Modified
2024-08-06 01:36
Severity
Summary
An information disclosure vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Android ID: A-30955105. References: NVIDIA N-CVE-2016-6746.
References
Impacted products
Vendor | Product |
---|---|
Google Inc. | Android |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:29.584Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94209", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94209" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Kernel-3.18" } ] } ], "datePublic": "2016-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Android ID: A-30955105. References: NVIDIA N-CVE-2016-6746." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "94209", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94209" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-6746", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Kernel-3.18" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Android ID: A-30955105. References: NVIDIA N-CVE-2016-6746." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "94209", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94209" }, { "name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-6746", "datePublished": "2016-11-25T16:00:00", "dateReserved": "2016-08-11T00:00:00", "dateUpdated": "2024-08-06T01:36:29.584Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2016-6746\",\"sourceIdentifier\":\"security@android.com\",\"published\":\"2016-11-25T16:59:50.260\",\"lastModified\":\"2016-11-28T20:35:07.123\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"An information disclosure vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Android ID: A-30955105. References: NVIDIA N-CVE-2016-6746.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en el controlador NVIDIA GPU en Android en versiones anteriores a 05-11-2016 podr\u00eda habilitar a una aplicaci\u00f3n maliciosa local a acceder a datos fuera de sus niveles de permiso. Este problema est\u00e1 clasificado como High porque podr\u00eda ser usado para acceder a datos sensibles sin el permiso expl\u00edcito del usuario. Android ID: A-30955105. Referencias: NVIDIA N-CVE-2016-6746.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.0\",\"matchCriteriaId\":\"595E33EF-6B21-425B-929C-6B883FA50081\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/94209\",\"source\":\"security@android.com\"},{\"url\":\"https://source.android.com/security/bulletin/2016-11-01.html\",\"source\":\"security@android.com\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
Loading...