CVE-2016-6690

MEDIUM

Google Android < 7.0 - Improper Access Control

Title source: rule

Description

The sound driver in the kernel in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Nexus Player devices allows attackers to cause a denial of service (reboot) via a crafted application, aka internal bug 28838221.

Exploits (1)

github WORKING POC 8 stars

by codecat007 · cpoc

https://github.com/codecat007/cvehub/tree/main/android/kernel/cve-2016-6690

View Code ZIP pw:eip

References (2)

[Patch, Vendor Advisory] http://source.android.com/security/bulletin/2016-10-01.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/93301

Scores

CVSS v3 5.5

EPSS 0.0003

EPSS Percentile 9.9%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE

CWE-284

Status published

Affected Products (2)

google/android < 7.0

n/a/n/a

Timeline

Published Oct 10, 2016

Tracked Since Feb 18, 2026