CVE-2016-5344
CRITICAL
Android < 7.0 and Linux Kernel 3.0-3.19.8 - Integer Overflow in MDSS Driver
Title source: llm
Description
Multiple integer overflows in the MDSS driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service or possibly have unspecified other impact via a large size value, related to mdss_compat_utils.c, mdss_fb.c, and mdss_rotator.c.
References (4)
Core References
Mailing List, Patch, Third Party Advisory x_refsource_confirm
https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=1d2297267c24f2c44bd0ecb244ddb8bc880a29b7
Broken Link x_refsource_confirm
https://www.codeaurora.org/integer-overflow-mdss-driver-cve-2016-5344
Patch, Third Party Advisory x_refsource_confirm
http://source.android.com/security/bulletin/2016-10-01.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/92695
Scores
CVSS v3
9.8
EPSS
0.0173
EPSS Percentile
74.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-190
Status
published
Products (2)
google/android
< 7.0
linux/linux_kernel
3.0 - 3.19.8
Published
Aug 30, 2016
Tracked Since
Feb 18, 2026