The is_ashmem_file function in drivers/staging/android/ashmem.c in a certain Qualcomm Innovation Center (QuIC) Android patch for the Linux kernel 3.x mishandles pointer validation within the KGSL Linux Graphics Module, which allows attackers to bypass intended access restrictions by using the /ashmem string as the dentry name.
References
Link | Resource |
---|---|
https://www.codeaurora.org/invalid-path-check-ashmem-memory-file-cve-2016-5340 | Broken Link |
https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=06e51489061e5473b4e2035c79dcf7c27a6f75a6 | Mailing List Patch Third Party Advisory |
http://source.android.com/security/bulletin/2016-10-01.html | Third Party Advisory |
http://www.securityfocus.com/bid/92374 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1036763 | Third Party Advisory VDB Entry |
Information
Published : 2016-08-07 14:59
Updated : 2020-08-03 09:13
NVD link : CVE-2016-5340
Mitre link : CVE-2016-5340
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
- android
linux
- linux_kernel