remove entry from qseecom_registered_app_list in kernel-drivers-qseecom CVE-2016-8480 remote

Tracked by Jolla

asked 2017-07-06 15:51:49 +0300

this post is marked as community wiki

This post is a wiki. Anyone with karma >75 is welcome to improve it.

updated 2017-07-06 15:51:49 +0300

lpr gravatar image

Description
An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31804432. References: QC-CR#1086186. CVSS v3 Base Score:7.0 High remote

Patch available.

File affected: kernel-adaptation-sbj-3.4.108.20161101.1/drivers/misc/qseecom.c lines: 639-644; 658-660; 740-745

edit retag flag offensive close delete