cnvd-2016-07087
Vulnerability from cnvd
Title
Qualcomm Innovation Center Android contributions for MSM整数溢出漏洞
Description
Qualcomm Innovation Center(QuIC)Android contributions for MSM是一款用于MSM项目支持用户建立基于Android平台并包含其他增强功能的高通芯片产品。Qualcomm Innovation Center (QuIC) Android patch是QuIC的一个Android补丁包。 QuIC Android contributions for MSM设备和其它设备中使用的MDSS driver for the Linux kernel 3.x版本中存在整数溢出漏洞。攻击者可通过大的‘size'值利用该漏洞造成拒绝服务。
Severity
Patch Name
Qualcomm Innovation Center Android contributions for MSM整数溢出漏洞的补丁
Patch Description
Qualcomm Innovation Center(QuIC)Android contributions for MSM是一款用于MSM项目支持用户建立基于Android平台并包含其他增强功能的高通芯片产品。Qualcomm Innovation Center (QuIC) Android patch是QuIC的一个Android补丁包。 QuIC Android contributions for MSM设备和其它设备中使用的MDSS driver for the Linux kernel 3.x版本中存在整数溢出漏洞。攻击者可通过大的‘size'值利用该漏洞造成拒绝服务。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

目前厂商已经发布了升级补丁以修复此安全问题,详情请关注厂商主页: https://www.kernel.org/

Reference
https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=1d2297267c24f2c44bd0ecb244ddb8bc880a29b7 https://www.codeaurora.org/integer-overflow-mdss-driver-cve-2016-5344
Impacted products
Name
Linux Kernel 3.x
Show details on source website

To clipboard 

{
  "bids": {
    "bid": {
      "bidNumber": "92695"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-5344"
    }
  },
  "description": "Qualcomm Innovation Center\uff08QuIC\uff09Android contributions for MSM\u662f\u4e00\u6b3e\u7528\u4e8eMSM\u9879\u76ee\u652f\u6301\u7528\u6237\u5efa\u7acb\u57fa\u4e8eAndroid\u5e73\u53f0\u5e76\u5305\u542b\u5176\u4ed6\u589e\u5f3a\u529f\u80fd\u7684\u9ad8\u901a\u82af\u7247\u4ea7\u54c1\u3002Qualcomm Innovation Center (QuIC) Android patch\u662fQuIC\u7684\u4e00\u4e2aAndroid\u8865\u4e01\u5305\u3002\r\n\r\nQuIC Android contributions for MSM\u8bbe\u5907\u548c\u5176\u5b83\u8bbe\u5907\u4e2d\u4f7f\u7528\u7684MDSS driver for the Linux kernel 3.x\u7248\u672c\u4e2d\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5927\u7684\u2018size\u0027\u503c\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Jianqiang Zhao (@jianqiangzhao) and pjf (weibo.com/jfpan) of IceSword Lab, Qihoo 360",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://www.kernel.org/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-07087",
  "openTime": "2016-09-02",
  "patchDescription": "Qualcomm Innovation Center\uff08QuIC\uff09Android contributions for MSM\u662f\u4e00\u6b3e\u7528\u4e8eMSM\u9879\u76ee\u652f\u6301\u7528\u6237\u5efa\u7acb\u57fa\u4e8eAndroid\u5e73\u53f0\u5e76\u5305\u542b\u5176\u4ed6\u589e\u5f3a\u529f\u80fd\u7684\u9ad8\u901a\u82af\u7247\u4ea7\u54c1\u3002Qualcomm Innovation Center (QuIC) Android patch\u662fQuIC\u7684\u4e00\u4e2aAndroid\u8865\u4e01\u5305\u3002\r\n\r\nQuIC Android contributions for MSM\u8bbe\u5907\u548c\u5176\u5b83\u8bbe\u5907\u4e2d\u4f7f\u7528\u7684MDSS driver for the Linux kernel 3.x\u7248\u672c\u4e2d\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5927\u7684\u2018size\u0027\u503c\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Qualcomm Innovation Center Android contributions for MSM\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Linux Kernel 3.x"
  },
  "referenceLink": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=1d2297267c24f2c44bd0ecb244ddb8bc880a29b7\r\nhttps://www.codeaurora.org/integer-overflow-mdss-driver-cve-2016-5344",
  "serverity": "\u9ad8",
  "submitTime": "2016-09-01",
  "title": "Qualcomm Innovation Center Android contributions for MSM\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.