CVE-2016-8418
Vulnerability from cvelistv5
Published
2017-02-08 15:00
Modified
2024-08-06 02:20
Severity
Summary
A remote code execution vulnerability in the Qualcomm crypto driver could enable a remote attacker to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of remote code execution in the context of the kernel. Product: Android. Versions: N/A. Android ID: A-32652894. References: QC-CR#1077457.
References
Source | URL | Tags |
---|---|---|
security@android.com | http://www.securityfocus.com/bid/96058 | Third Party Advisory |
security@android.com | http://www.securitytracker.com/id/1037798 | |
security@android.com | https://source.android.com/security/bulletin/2017-02-01.html | Vendor Advisory |
Impacted products
Vendor | Product |
---|---|
Google Inc. | Android |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:31.247Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96058", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96058" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability in the Qualcomm crypto driver could enable a remote attacker to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of remote code execution in the context of the kernel. Product: Android. Versions: N/A. Android ID: A-32652894. References: QC-CR#1077457." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-24T12:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "1037798", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96058", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96058" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-8418", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability in the Qualcomm crypto driver could enable a remote attacker to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of remote code execution in the context of the kernel. Product: Android. Versions: N/A. Android ID: A-32652894. References: QC-CR#1077457." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798" }, { "name": "96058", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96058" }, { "name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-8418", "datePublished": "2017-02-08T15:00:00", "dateReserved": "2016-10-05T00:00:00", "dateUpdated": "2024-08-06T02:20:31.247Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2016-8418\",\"sourceIdentifier\":\"security@android.com\",\"published\":\"2017-02-08T15:59:00.363\",\"lastModified\":\"2017-07-25T01:29:03.013\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A remote code execution vulnerability in the Qualcomm crypto driver could enable a remote attacker to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of remote code execution in the context of the kernel. Product: Android. Versions: N/A. Android ID: A-32652894. References: QC-CR#1077457.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto en el controlador crypto Qualcomm podr\u00eda habilitar a un atacante remoto a ejecutar c\u00f3digo arbitrario dentro del contexto del kernel. Este problema se califica como Critical debido a la posibilidad de ejecutar c\u00f3digo remoto dentro del contexto del Kernel. Producto: Android. Versiones: N/A. Android ID: A-32652894. Referencias: QC-CR#1077457.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":10.0},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.0.1\",\"matchCriteriaId\":\"2567A6D5-BBA1-47B2-B1C3-EFABE9408FA9\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/96058\",\"source\":\"security@android.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1037798\",\"source\":\"security@android.com\"},{\"url\":\"https://source.android.com/security/bulletin/2017-02-01.html\",\"source\":\"security@android.com\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
Loading...