Published: 18/04/2016 Updated: 08/09/2017

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 8.4 | Impact Score: 5.9 | Exploitability Score: 2.5

VMScore: 725

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

libs/binder/IMemory.cpp in the IMemory Native Interface in Android 4.x prior to 4.4.4, 5.0.x prior to 5.0.2, 5.1.x prior to 5.1.1, and 6.x prior to 2016-04-01 does not properly consider the heap size, which allows malicious users to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26877992.

Vulnerable Product	Search on Vulmon	Subscribe to Product
google android 6.0.1
google android 6.0
google android 5.1.0
google android 4.4
google android 4.3.1
google android 4.0.4
google android 4.0.3
google android 5.0
google android 4.4.3
google android 4.2.1
google android 4.2
google android 4.0
google android 4.4.2
google android 4.4.1
google android 4.1.2
google android 4.1
google android 5.1
google android 5.0.1
google android 4.3
google android 4.2.2
google android 4.0.2
google android 4.0.1

Source: bugschromiumorg/p/project-zero/issues/detail?id=706 Android: IMemory Native Interface is insecure for IPC use Platform: Tested on Android 601 January patches Class: Elevation of Privilege Summary: The IMemory interface in frameworks/native/libs/binder/IMemorycpp, used primarily by the media services can be tricked to return a ...

CVE-2016-0846-PoC

CWE-264 http://source.android.com/security/bulletin/2016-04-02.html https://android.googlesource.com/platform/frameworks/native/+/f3199c228aced7858b75a8070b8358c155ae0149 https://www.exploit-db.com/exploits/39686/https://nvd.nist.gov https://github.com/b0b0505/CVE-2016-0846-PoC https://www.exploit-db.com/exploits/39686/

CVE-2016-0846

Vulnerability Summary

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect