CVE-2016-5867

HIGH

Android - Stack Overflow

Title source: llm

Description

In a sound driver in Android for MSM, Firefox OS for MSM, QRD Android, some variables are from userspace and values can be chosen that could result in stack overflow.

Exploits (1)

github WORKING POC 8 stars

by codecat007 · cpoc

https://github.com/codecat007/cvehub/tree/main/android/securityPatch/CVE-2016-5867

View Code ZIP pw:eip

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/98170

[Patch, Vendor Advisory] https://source.android.com/security/bulletin/2017-05-01

[Issue Tracking, Patch, Third Party Advisory] https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=065360da7147003aed8f59782b7652d565f56be5

Scores

CVSS v3 7.0

EPSS 0.0006

EPSS Percentile 19.7%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-264

Status published

Products (2)

google/android

Qualcomm, Inc./All Qualcomm products Android for MSM, Firefox OS for MSM, QRD Android

Published Aug 16, 2017

Tracked Since Feb 18, 2026