CVE-2016-2061
Published on: 06/12/2016 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:27:16 PM UTC
Certain versions of Linux Kernel from Linux contain the following vulnerability:
Integer signedness error in the MSM V4L2 video driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (array overflow and memory corruption) via a crafted application that triggers an msm_isp_axi_create_stream call.
- CVE-2016-2061 has been assigned by
[email protected] to track the vulnerability - currently rated as HIGH severity.
CVSS3 Score: 7.8 - HIGH
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|
---|---|---|---|---|
LOCAL | LOW | NONE | REQUIRED | |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
|
UNCHANGED | HIGH | HIGH | HIGH |
CVSS2 Score: 6.8 - MEDIUM
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | MEDIUM | NONE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
PARTIAL | PARTIAL | PARTIAL |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
Android Security Bulletin—June 2016 | Android Open Source Project | Vendor Advisory source.android.com text/html |
![]() |
Array Overflow in MSM V4L2 Video Driver Allows Kernel Memory Corruption (CVE-2016-2061) | Code Aurora | Broken Link web.archive.org text/html Inactive LinkNot Archived |
![]() |
kernel/msm-3.18 - Unnamed repository; edit this file 'description' to name the repository. | Mailing List Third Party Advisory web.archive.org text/html Inactive LinkNot Archived |
![]() |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Operating System | Linux | Linux Kernel | All | All | All | All |
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE