Vulnerability CVE-2016-5857


Published: 2017-03-20   Modified: 2017-03-23

Description:
The Qualcomm SPCom driver in Android before 7.0 allows local users to execute arbitrary code within the context of the kernel via a crafted application, aka Android internal bug 34386529 and Qualcomm internal bug CR#1094140.

Vendor: Google
Product: Android 
Version: 7.0;

CVSS2 => (AV:L/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.9/10
10/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://www.securitytracker.com/id/1037968
https://source.android.com/security/bulletin/2017-03-01.html

Related CVE
CVE-2016-6726
Unspecified vulnerability in Qualcomm components in Android on Nexus 6 and Android One devices.
CVE-2014-7920
mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7921.
CVE-2014-7921
mediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7920.
CVE-2013-6662
Google Chrome caches TLS sessions before certificate validation occurs.
CVE-2016-5856
Drivers/soc/qcom/spcom.c in the Qualcomm SPCom driver in the Android kernel 2017-03-05 allows local users to gain privileges, a different vulnerability than CVE-2016-5857.
CVE-2013-6647
A use-after-free in AnimationController::endAnimationUpdate in Google Chrome.
CVE-2017-0578
An elevation of privilege vulnerability in the DTS sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged pro...
CVE-2017-0565
An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privile...

Copyright 2017, cxsecurity.com