Published: 07/08/2016 Updated: 03/08/2020

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 642

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

The is_ashmem_file function in drivers/staging/android/ashmem.c in a certain Qualcomm Innovation Center (QuIC) Android patch for the Linux kernel 3.x mishandles pointer validation within the KGSL Linux Graphics Module, which allows malicious users to bypass intended access restrictions by using the /ashmem string as the dentry name.

Vulnerable Product	Search on Vulmon	Subscribe to Product
google android
linux linux kernel

Corporate Worldwide Log in ...

CWE-20 https://www.codeaurora.org/invalid-path-check-ashmem-memory-file-cve-2016-5340 https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=06e51489061e5473b4e2035c79dcf7c27a6f75a6 http://source.android.com/security/bulletin/2016-10-01.html http://www.securityfocus.com/bid/92374 http://www.securitytracker.com/id/1036763 https://nvd.nist.gov https://www.huawei.com/en/psirt/security-notices/huawei-sn-20190702-01-finitestate-en

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2016-5340

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect