color map copying bounds checking in kernel-drivers-video-fbdev CVE-2016-8405

Tracked by Jolla

asked 2017-05-03 12:18:43 +0300

this post is marked as community wiki

This post is a wiki. Anyone with karma >75 is welcome to improve it.

updated 2017-05-03 12:18:43 +0300

lpr gravatar image

Description

An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Android ID: A-31651010.

Patch is available.

File affected: kernel-adaptation-sbj-3.4.108.20161101.1/drivers/video/fbcmap.c lines 164-176; 188-202

edit retag flag offensive close delete