{"api_version":"1","generated_at":"2026-06-27T14:46:18+00:00","cve":"CVE-2016-8397","urls":{"html":"https://cve.report/CVE-2016-8397","api":"https://cve.report/api/cve/CVE-2016-8397.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2016-8397","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2016-8397"},"summary":{"title":"CVE-2016-8397","description":"An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-31385953. References: N-CVE-2016-8397.","state":"PUBLISHED","assigner":"google_android","published_at":"2017-01-12 15:59:01","updated_at":"2026-05-06 22:30:45"},"problem_types":["CWE-200","Information disclosure"],"metrics":[{"version":"3.0","source":"nvd@nist.gov","type":"Primary","score":"5.5","severity":"MEDIUM","vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","data":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"http://www.securityfocus.com/bid/94714","name":"http://www.securityfocus.com/bid/94714","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"],"title":"Google Nexus CVE-2016-8397 Information Disclosure Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4561","name":"http://nvidia.custhelp.com/app/answers/detail/a_id/4561","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Security Bulletin: NVIDIA Tegra Jetson L4T contains multiple vulnerabilities; updates for “BlueBorne” and “Dnsmasq”. | NVIDIA","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://source.android.com/security/bulletin/2016-12-01.html","name":"https://source.android.com/security/bulletin/2016-12-01.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Android Security Bulletin—December 2016 | Android Open Source Project","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2016-8397","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-8397","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Google Inc.","product":"Android","version":"affected Kernel-3.10","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2016","cve_id":"8397","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"3.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2016","cve_id":"8397","cve":"CVE-2016-8397","epss":"0.002230000","percentile":"0.447000000","score_date":"2026-05-11","updated_at":"2026-05-12 00:01:18"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T02:20:31.091Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"94714","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/94714"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://source.android.com/security/bulletin/2016-12-01.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4561"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"Android","vendor":"Google Inc.","versions":[{"status":"affected","version":"Kernel-3.10"}]}],"datePublic":"2016-12-05T00:00:00.000Z","descriptions":[{"lang":"en","value":"An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-31385953. References: N-CVE-2016-8397."}],"problemTypes":[{"descriptions":[{"description":"Information disclosure","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-10-18T17:57:01.000Z","orgId":"baff130e-b8d5-4e15-b3d3-c3cf5d5545c6","shortName":"google_android"},"references":[{"name":"94714","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/94714"},{"tags":["x_refsource_CONFIRM"],"url":"https://source.android.com/security/bulletin/2016-12-01.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4561"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security@android.com","ID":"CVE-2016-8397","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Android","version":{"version_data":[{"version_value":"Kernel-3.10"}]}}]},"vendor_name":"Google Inc."}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-31385953. References: N-CVE-2016-8397."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Information disclosure"}]}]},"references":{"reference_data":[{"name":"94714","refsource":"BID","url":"http://www.securityfocus.com/bid/94714"},{"name":"https://source.android.com/security/bulletin/2016-12-01.html","refsource":"CONFIRM","url":"https://source.android.com/security/bulletin/2016-12-01.html"},{"name":"http://nvidia.custhelp.com/app/answers/detail/a_id/4561","refsource":"CONFIRM","url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4561"}]}}}},"cveMetadata":{"assignerOrgId":"baff130e-b8d5-4e15-b3d3-c3cf5d5545c6","assignerShortName":"google_android","cveId":"CVE-2016-8397","datePublished":"2017-01-12T15:00:00.000Z","dateReserved":"2016-10-05T00:00:00.000Z","dateUpdated":"2024-08-06T02:20:31.091Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2017-01-12 15:59:01","lastModifiedDate":"2026-05-06 22:30:45","problem_types":["CWE-200","Information disclosure"],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.10:*:*:*:*:*:*:*","matchCriteriaId":"1C37F47C-C217-4BCF-A758-14E1BDBAD63D"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2016","CveId":"8397","Ordinal":"1","Title":"CVE-2016-8397","CVE":"CVE-2016-8397","Year":"2016"},"notes":[{"CveYear":"2016","CveId":"8397","Ordinal":"1","NoteData":"An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-31385953. References: N-CVE-2016-8397.","Type":"Description","Title":"CVE-2016-8397"},{"CveYear":"2016","CveId":"8397","Ordinal":"2","NoteData":"2017-01-12","Type":"Other","Title":"Published"},{"CveYear":"2016","CveId":"8397","Ordinal":"3","NoteData":"2017-10-18","Type":"Other","Title":"Modified"}]}}}