CVE-2016-2068
HIGHAndroid < 6.0.1 and Linux Kernel 3.0-3.19.8 - Integer Overflow in MSM QDSP6 Audio Driver
Title source: llmDescription
The MSM QDSP6 audio driver (aka sound driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (integer overflow, and buffer overflow or buffer over-read) via a crafted application that performs a (1) AUDIO_EFFECTS_WRITE or (2) AUDIO_EFFECTS_READ operation, aka Qualcomm internal bug CR1006609.
References (5)
Core 5
Core References
Broken Link x_refsource_confirm
https://www.codeaurora.org/multiple-vulnerabilities-msm-qdsp6-audio-driver-allow-kernel-memory-corruption-cve-2016-2068-0
Mailing List, Patch, Third Party Advisory x_refsource_confirm
https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.18/commit/?id=2c04c0dab66013b7dfbe4d5a523c2c1d6b5b11d6
Patch, Vendor Advisory x_refsource_confirm
http://source.android.com/security/bulletin/2016-07-01.html
Mailing List, Patch, Third Party Advisory x_refsource_confirm
https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=9900650540c889f761d102202bc80306ae80ab83
Mailing List, Patch, Third Party Advisory x_refsource_confirm
https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=01ee86da5a0cd788f134e360e2be517ef52b6b00
Scores
CVSS v3
7.8
EPSS
0.0074
EPSS Percentile
49.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-190
Status
published
Products (2)
google/android
< 6.0.1
linux/linux_kernel
3.0 - 3.19.8
Published
Jul 11, 2016
Tracked Since
Feb 18, 2026