CVE-2016-10237
HIGHAndroid - Improper Access Control in Shared Content Protection Memory Handling
Title source: llmDescription
If shared content protection memory were passed as the secure camera memory buffer by the HLOS to a trusted application (TA) in all Android releases from CAF using the Linux kernel, the TA would not detect an issue and it would be treated as secure memory.
References (3)
Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2017-04-01
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/97334
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1038201
Scores
CVSS v3
7.8
EPSS
0.0005
EPSS Percentile
16.1%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-284
Status
published
Products (2)
google/android
Qualcomm, Inc./All Qualcomm Products
All Android releases from CAF using the Linux kernel
Published
May 16, 2017
Tracked Since
Feb 18, 2026