CVE-2016-6725
Published on: 11/25/2016 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:27:11 PM UTC
Certain versions of Android from Google contain the following vulnerability:
A remote code execution vulnerability in the Qualcomm crypto driver in Android before 2016-11-05 could enable a remote attacker to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of remote code execution in the context of the kernel. Android ID: A-30515053. References: Qualcomm QC-CR#1050970.
- CVE-2016-6725 has been assigned by [email protected] to track the vulnerability - currently rated as CRITICAL severity.
- Affected Vendor/Software: Google Inc. - Android version Kernel-3.10
- Affected Vendor/Software: Google Inc. - Android version Kernel-3.18
CVSS3 Score: 9.8 - CRITICAL
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
NETWORK | LOW | NONE | NONE |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
UNCHANGED | HIGH | HIGH | HIGH |
CVSS2 Score: 10 - HIGH
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | LOW | NONE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
COMPLETE | COMPLETE | COMPLETE |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
Android Security Bulletin—November 2016 | Android Open Source Project | Vendor Advisory source.android.com text/html | CONFIRM source.android.com/security/bulletin/2016-11-01.html |
Google Nexus Qualcomm Crypto Driver CVE-2016-6725 Remote Code Execution Vulnerability | cve.report (archive) text/html | BID 94182 |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Operating System | Android | All | All | All | All |
- cpe:2.3:o:google:android:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE