CVE-2016-6746
Published on: 11/25/2016 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:27:12 PM UTC
Certain versions of Android from Google contain the following vulnerability:
An information disclosure vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Android ID: A-30955105. References: NVIDIA N-CVE-2016-6746.
- CVE-2016-6746 has been assigned by
[email protected] to track the vulnerability - currently rated as MEDIUM severity. - Affected Vendor/Software: Google Inc. - Android version Kernel-3.18
CVSS3 Score: 5.5 - MEDIUM
| Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|
|---|---|---|---|---|
| LOCAL | LOW | NONE | REQUIRED | |
| Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
|
| UNCHANGED | HIGH | NONE | NONE |
CVSS2 Score: 4.3 - MEDIUM
| Access Vector ⓘ |
Access Complexity |
Authentication |
|---|---|---|
| NETWORK | MEDIUM | NONE |
| Confidentiality Impact |
Integrity Impact |
Availability Impact |
| PARTIAL | NONE | NONE |
CVE References
| Description | Tags ⓘ | Link |
|---|---|---|
| Android Security Bulletin—November 2016 | Android Open Source Project | Vendor Advisory source.android.com text/html |
CONFIRM source.android.com/security/bulletin/2016-11-01.html |
| Google Pixel C NVIDIA GPU driver CVE-2016-6746 Information Disclosure Vulnerability | cve.report (archive) text/html |
BID 94209 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Android | All | All | All | All |
- cpe:2.3:o:google:android:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE