Description
Integer signedness error in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application that makes an ioctl call.
References (4)
Core 4
Core References
Broken Link x_refsource_confirm
https://www.codeaurora.org/multiple-vulnerabilities-msm-qdsp6-audio-driver-allow-kernel-memory-corruption-cve-2016-2064-cve
Mailing List, Patch, Third Party Advisory x_refsource_confirm
https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.18/commit/?id=775fca8289eff931f91ff6e8c36cf2034ba59e88
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/91046
Patch, Vendor Advisory x_refsource_confirm
http://source.android.com/security/bulletin/2016-06-01.html
Scores
CVSS v3
7.8
EPSS
0.0138
EPSS Percentile
68.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-269
Status
published
Products (1)
linux/linux_kernel
3.0 - 3.19.8
Published
Jun 13, 2016
Tracked Since
Feb 18, 2026