cvelistv5 - CVE-2016-3843

CVE-2016-3843

Vulnerability from cvelistv5

Published

2016-08-05 20:00

Modified

2024-08-06 00:10

Severity ?

Summary

References

URL	Tags
security@android.com	http://source.android.com/security/bulletin/2016-08-01.html	Patch, Vendor Advisory
security@android.com	http://www.securityfocus.com/bid/92237
security@android.com	http://www.securityfocus.com/bid/92250
af854a3a-2127-422b-91ae-364da2661108	http://source.android.com/security/bulletin/2016-08-01.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/92237
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/92250

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:10:31.071Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://source.android.com/security/bulletin/2016-08-01.html"
          },
          {
            "name": "92237",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92237"
          },
          {
            "name": "92250",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92250"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Android before 2016-08-05 does not properly restrict code execution in a kernel context, which allows attackers to gain privileges via a crafted application, as demonstrated by the kernel performance subsystem and the Qualcomm performance component, aka Android internal bugs 28086229 and 29119870 and Qualcomm internal bug CR1011071."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-25T19:57:01",
        "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
        "shortName": "google_android"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://source.android.com/security/bulletin/2016-08-01.html"
        },
        {
          "name": "92237",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/92237"
        },
        {
          "name": "92250",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/92250"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@android.com",
          "ID": "CVE-2016-3843",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Android before 2016-08-05 does not properly restrict code execution in a kernel context, which allows attackers to gain privileges via a crafted application, as demonstrated by the kernel performance subsystem and the Qualcomm performance component, aka Android internal bugs 28086229 and 29119870 and Qualcomm internal bug CR1011071."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://source.android.com/security/bulletin/2016-08-01.html",
              "refsource": "CONFIRM",
              "url": "http://source.android.com/security/bulletin/2016-08-01.html"
            },
            {
              "name": "92237",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/92237"
            },
            {
              "name": "92250",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/92250"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
    "assignerShortName": "google_android",
    "cveId": "CVE-2016-3843",
    "datePublished": "2016-08-05T20:00:00",
    "dateReserved": "2016-03-30T00:00:00",
    "dateUpdated": "2024-08-06T00:10:31.071Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-3843\",\"sourceIdentifier\":\"security@android.com\",\"published\":\"2016-08-05T20:59:34.000\",\"lastModified\":\"2024-11-21T02:50:46.847\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Android before 2016-08-05 does not properly restrict code execution in a kernel context, which allows attackers to gain privileges via a crafted application, as demonstrated by the kernel performance subsystem and the Qualcomm performance component, aka Android internal bugs 28086229 and 29119870 and Qualcomm internal bug CR1011071.\"},{\"lang\":\"es\",\"value\":\"Android en versiones anteriores a 2016-08-05 no restringue adecuadamente ejecuci\u00f3n de c\u00f3digo en un contexto kernel, lo que permite a atacantes obtener privilegios a trav\u00e9s de una aplicaci\u00f3n manipulada, como se demuestra por el subsistema del rendimiento del kernel y el componente de rendimiento Qualcomm, tambi\u00e9n conocido como errores internos de Android 28086229 y 29119870 y error interno de Qualcomm CR1011071.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.0.1\",\"matchCriteriaId\":\"2567A6D5-BBA1-47B2-B1C3-EFABE9408FA9\"}]}]}],\"references\":[{\"url\":\"http://source.android.com/security/bulletin/2016-08-01.html\",\"source\":\"security@android.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/92237\",\"source\":\"security@android.com\"},{\"url\":\"http://www.securityfocus.com/bid/92250\",\"source\":\"security@android.com\"},{\"url\":\"http://source.android.com/security/bulletin/2016-08-01.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/92237\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/92250\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

Android before 2016-08-05 does not properly restrict code execution in a kernel context, which allows attackers to gain privileges via a crafted application, as demonstrated by the kernel performance subsystem and the Qualcomm performance component, aka Android internal bugs 28086229 and 29119870 and Qualcomm internal bug CR1011071. GoogleNexus is a high-end mobile phone series powered by Google\342\200\231s original Android system. GoogleNexus has a privilege elevation vulnerability that could allow an attacker to execute arbitrary code using elevated kernel-wide permissions. Google Android is prone to multiple privilege escalation vulnerabilities. Attackers can exploit these issues to gain elevated privileges within the context of the affected application. These issues are being tracked by Android Bug IDs A-29119870 and A-28086229

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201608-0172",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "android",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "google",
        "version": "6.0.1"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "google",
        "version": "6.0.1"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "google",
        "version": "2016-08-05"
      },
      {
        "model": "nexus",
        "scope": null,
        "trust": 0.6,
        "vendor": "google",
        "version": null
      },
      {
        "model": "nexus 6p",
        "scope": null,
        "trust": 0.6,
        "vendor": "google",
        "version": null
      },
      {
        "model": "nexus",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "google",
        "version": "5x"
      },
      {
        "model": "pixel c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0"
      },
      {
        "model": "nexus player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0"
      },
      {
        "model": "nexus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "9"
      },
      {
        "model": "nexus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "7"
      },
      {
        "model": "nexus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6"
      },
      {
        "model": "nexus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "5"
      },
      {
        "model": "android one",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "6.0"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-06076"
      },
      {
        "db": "BID",
        "id": "92237"
      },
      {
        "db": "BID",
        "id": "92250"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004253"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-029"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3843"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:google:android",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004253"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Wish Wu (@wish_wu) of Trend Micro Inc",
    "sources": [
      {
        "db": "BID",
        "id": "92237"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-3843",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2016-3843",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2016-06076",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2016-3843",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-3843",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-3843",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-06076",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201608-029",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-3843",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-06076"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-3843"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004253"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-029"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3843"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Android before 2016-08-05 does not properly restrict code execution in a kernel context, which allows attackers to gain privileges via a crafted application, as demonstrated by the kernel performance subsystem and the Qualcomm performance component, aka Android internal bugs 28086229 and 29119870 and Qualcomm internal bug CR1011071. GoogleNexus is a high-end mobile phone series powered by Google\\342\\200\\231s original Android system. GoogleNexus has a privilege elevation vulnerability that could allow an attacker to execute arbitrary code using elevated kernel-wide permissions. Google Android is prone to multiple privilege escalation vulnerabilities. \nAttackers can exploit these issues to gain  elevated  privileges within   the context of the affected application. \nThese issues are being tracked by Android Bug IDs A-29119870 and A-28086229",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-3843"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004253"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-06076"
      },
      {
        "db": "BID",
        "id": "92237"
      },
      {
        "db": "BID",
        "id": "92250"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-3843"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-3843",
        "trust": 3.7
      },
      {
        "db": "BID",
        "id": "92250",
        "trust": 2.0
      },
      {
        "db": "BID",
        "id": "92237",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004253",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-06076",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2016.1866",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-029",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-3843",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-06076"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-3843"
      },
      {
        "db": "BID",
        "id": "92237"
      },
      {
        "db": "BID",
        "id": "92250"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004253"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-029"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3843"
      }
    ]
  },
  "id": "VAR-201608-0172",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-06076"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-06076"
      }
    ]
  },
  "last_update_date": "2024-11-23T19:32:57.901000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Android Security Bulletin-August 2016",
        "trust": 0.8,
        "url": "http://source.android.com/security/bulletin/2016-08-01.html"
      },
      {
        "title": "Patch for GoogleNexus privilege escalation vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/80123"
      },
      {
        "title": "Android Kernel Performance Subsystem Repair measures for privilege escalation",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63419"
      },
      {
        "title": "Android Security Bulletins: Android Security Bulletin\u2014August 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=1c52474e34daae48915f8b4129072a86"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-06076"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-3843"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004253"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-029"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004253"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3843"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://source.android.com/security/bulletin/2016-08-01.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/92250"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/92237"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3843"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3843"
      },
      {
        "trust": 0.6,
        "url": "http://code.google.com/android/"
      },
      {
        "trust": 0.6,
        "url": "http://www.auscert.org.au/./render.html?it=37318"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/264.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-06076"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-3843"
      },
      {
        "db": "BID",
        "id": "92237"
      },
      {
        "db": "BID",
        "id": "92250"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004253"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-029"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3843"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-06076"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-3843"
      },
      {
        "db": "BID",
        "id": "92237"
      },
      {
        "db": "BID",
        "id": "92250"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004253"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-029"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3843"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-08-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-06076"
      },
      {
        "date": "2016-08-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-3843"
      },
      {
        "date": "2016-08-01T00:00:00",
        "db": "BID",
        "id": "92237"
      },
      {
        "date": "2016-08-01T00:00:00",
        "db": "BID",
        "id": "92250"
      },
      {
        "date": "2016-08-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004253"
      },
      {
        "date": "2016-08-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201608-029"
      },
      {
        "date": "2016-08-05T20:59:34",
        "db": "NVD",
        "id": "CVE-2016-3843"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-08-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-06076"
      },
      {
        "date": "2016-11-28T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-3843"
      },
      {
        "date": "2016-08-01T00:00:00",
        "db": "BID",
        "id": "92237"
      },
      {
        "date": "2016-08-01T00:00:00",
        "db": "BID",
        "id": "92250"
      },
      {
        "date": "2016-08-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004253"
      },
      {
        "date": "2016-08-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201608-029"
      },
      {
        "date": "2024-11-21T02:50:46.847000",
        "db": "NVD",
        "id": "CVE-2016-3843"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "92237"
      },
      {
        "db": "BID",
        "id": "92250"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Android Vulnerability gained in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004253"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "92237"
      },
      {
        "db": "BID",
        "id": "92250"
      }
    ],
    "trust": 0.6
  }
}

gsd-2016-3843

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2016-3843

Aliases

CVE-2016-3843

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-3843",
    "description": "Android before 2016-08-05 does not properly restrict code execution in a kernel context, which allows attackers to gain privileges via a crafted application, as demonstrated by the kernel performance subsystem and the Qualcomm performance component, aka Android internal bugs 28086229 and 29119870 and Qualcomm internal bug CR1011071.",
    "id": "GSD-2016-3843"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-3843"
      ],
      "details": "Android before 2016-08-05 does not properly restrict code execution in a kernel context, which allows attackers to gain privileges via a crafted application, as demonstrated by the kernel performance subsystem and the Qualcomm performance component, aka Android internal bugs 28086229 and 29119870 and Qualcomm internal bug CR1011071.",
      "id": "GSD-2016-3843",
      "modified": "2023-12-13T01:21:27.732373Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@android.com",
        "ID": "CVE-2016-3843",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Android before 2016-08-05 does not properly restrict code execution in a kernel context, which allows attackers to gain privileges via a crafted application, as demonstrated by the kernel performance subsystem and the Qualcomm performance component, aka Android internal bugs 28086229 and 29119870 and Qualcomm internal bug CR1011071."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://source.android.com/security/bulletin/2016-08-01.html",
            "refsource": "CONFIRM",
            "url": "http://source.android.com/security/bulletin/2016-08-01.html"
          },
          {
            "name": "92237",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/92237"
          },
          {
            "name": "92250",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/92250"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@android.com",
          "ID": "CVE-2016-3843"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Android before 2016-08-05 does not properly restrict code execution in a kernel context, which allows attackers to gain privileges via a crafted application, as demonstrated by the kernel performance subsystem and the Qualcomm performance component, aka Android internal bugs 28086229 and 29119870 and Qualcomm internal bug CR1011071."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://source.android.com/security/bulletin/2016-08-01.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://source.android.com/security/bulletin/2016-08-01.html"
            },
            {
              "name": "92237",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/92237"
            },
            {
              "name": "92250",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/92250"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2016-11-28T20:12Z",
      "publishedDate": "2016-08-05T20:59Z"
    }
  }
}

ghsa-3mgp-6v5r-49c2

Vulnerability from github

Published

2022-05-17 03:41

Modified

2022-05-17 03:41

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-3843"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-08-05T20:59:00Z",
    "severity": "HIGH"
  },
  "details": "Android before 2016-08-05 does not properly restrict code execution in a kernel context, which allows attackers to gain privileges via a crafted application, as demonstrated by the kernel performance subsystem and the Qualcomm performance component, aka Android internal bugs 28086229 and 29119870 and Qualcomm internal bug CR1011071.",
  "id": "GHSA-3mgp-6v5r-49c2",
  "modified": "2022-05-17T03:41:57Z",
  "published": "2022-05-17T03:41:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3843"
    },
    {
      "type": "WEB",
      "url": "http://source.android.com/security/bulletin/2016-08-01.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/92237"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/92250"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

fkie_cve-2016-3843

Vulnerability from fkie_nvd

Published

2016-08-05 20:59

Modified

2024-11-21 02:50

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security@android.com	http://source.android.com/security/bulletin/2016-08-01.html	Patch, Vendor Advisory
security@android.com	http://www.securityfocus.com/bid/92237
security@android.com	http://www.securityfocus.com/bid/92250
af854a3a-2127-422b-91ae-364da2661108	http://source.android.com/security/bulletin/2016-08-01.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/92237
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/92250

Impacted products

	Vendor	Product	Version
	google	android	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2567A6D5-BBA1-47B2-B1C3-EFABE9408FA9",
              "versionEndIncluding": "6.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Android before 2016-08-05 does not properly restrict code execution in a kernel context, which allows attackers to gain privileges via a crafted application, as demonstrated by the kernel performance subsystem and the Qualcomm performance component, aka Android internal bugs 28086229 and 29119870 and Qualcomm internal bug CR1011071."
    },
    {
      "lang": "es",
      "value": "Android en versiones anteriores a 2016-08-05 no restringue adecuadamente ejecuci\u00f3n de c\u00f3digo en un contexto kernel, lo que permite a atacantes obtener privilegios a trav\u00e9s de una aplicaci\u00f3n manipulada, como se demuestra por el subsistema del rendimiento del kernel y el componente de rendimiento Qualcomm, tambi\u00e9n conocido como errores internos de Android 28086229 y 29119870 y error interno de Qualcomm CR1011071."
    }
  ],
  "id": "CVE-2016-3843",
  "lastModified": "2024-11-21T02:50:46.847",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-08-05T20:59:34.000",
  "references": [
    {
      "source": "security@android.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://source.android.com/security/bulletin/2016-08-01.html"
    },
    {
      "source": "security@android.com",
      "url": "http://www.securityfocus.com/bid/92237"
    },
    {
      "source": "security@android.com",
      "url": "http://www.securityfocus.com/bid/92250"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://source.android.com/security/bulletin/2016-08-01.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/92237"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/92250"
    }
  ],
  "sourceIdentifier": "security@android.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2016-3843

Vulnerability from cvelistv5

var-201608-0172

Vulnerability from variot

gsd-2016-3843

Vulnerability from gsd

ghsa-3mgp-6v5r-49c2

Vulnerability from github

fkie_cve-2016-3843

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature