CVE-2016-5346 - OpenCVE

An Information Disclosure vulnerability exists in the Google Pixel/Pixel SL Qualcomm Avtimer Driver due to a NULL pointer dereference when processing an accept system call by the user process on AF_MSM_IPC sockets, which could let a local malicious user obtain sensitive information (Android Bug ID A-32551280).

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Android Pixel Pixel Xl

Configuration 1 [-]

AND

cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:google:pixel:-:::::::*
	cpe:2.3:h:google:pixel_xl:-:::::::*

Configuration 2 [-]

cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/97371
http://www.securitytracker.com/id/1038201
https://github.com/ele7enxxh/poc-exp/tree/master/CVE-2016-5346
https://source.android.com/security/bulletin/2017-04-01.html
https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=6298a474322fb2182f795a622b2faa64abfd8474

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-01-08T18:39:45

Updated: 2024-08-06T01:00:58.062Z

Reserved: 2016-06-09T00:00:00

Link: CVE-2016-5346

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-01-08T19:15:10.673

Modified: 2020-01-12T21:32:31.310

Link: CVE-2016-5346

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-10-29T00:00:00", "descriptions": [{"lang": "en", "value": "An Information Disclosure vulnerability exists in the Google Pixel/Pixel SL Qualcomm Avtimer Driver due to a NULL pointer dereference when processing an accept system call by the user process on AF_MSM_IPC sockets, which could let a local malicious user obtain sensitive information (Android Bug ID A-32551280)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-08T18:39:45", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.securityfocus.com/bid/97371"}, {"tags": ["x_refsource_MISC"], "url": "http://www.securitytracker.com/id/1038201"}, {"tags": ["x_refsource_MISC"], "url": "https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=6298a474322fb2182f795a622b2faa64abfd8474"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/ele7enxxh/poc-exp/tree/master/CVE-2016-5346"}, {"tags": ["x_refsource_MISC"], "url": "https://source.android.com/security/bulletin/2017-04-01.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-5346", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An Information Disclosure vulnerability exists in the Google Pixel/Pixel SL Qualcomm Avtimer Driver due to a NULL pointer dereference when processing an accept system call by the user process on AF_MSM_IPC sockets, which could let a local malicious user obtain sensitive information (Android Bug ID A-32551280)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.securityfocus.com/bid/97371", "refsource": "MISC", "url": "http://www.securityfocus.com/bid/97371"}, {"name": "http://www.securitytracker.com/id/1038201", "refsource": "MISC", "url": "http://www.securitytracker.com/id/1038201"}, {"name": "https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=6298a474322fb2182f795a622b2faa64abfd8474", "refsource": "MISC", "url": "https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=6298a474322fb2182f795a622b2faa64abfd8474"}, {"name": "https://github.com/ele7enxxh/poc-exp/tree/master/CVE-2016-5346", "refsource": "MISC", "url": "https://github.com/ele7enxxh/poc-exp/tree/master/CVE-2016-5346"}, {"name": "https://source.android.com/security/bulletin/2017-04-01.html", "refsource": "MISC", "url": "https://source.android.com/security/bulletin/2017-04-01.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:00:58.062Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.securityfocus.com/bid/97371"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.securitytracker.com/id/1038201"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=6298a474322fb2182f795a622b2faa64abfd8474"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/ele7enxxh/poc-exp/tree/master/CVE-2016-5346"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://source.android.com/security/bulletin/2017-04-01.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-5346", "datePublished": "2020-01-08T18:39:45", "dateReserved": "2016-06-09T00:00:00", "dateUpdated": "2024-08-06T01:00:58.062Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "matchCriteriaId": "9313451D-B78B-4FD5-B7B8-8D92DD4E44B9", "versionEndExcluding": "7.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:google:pixel:-:*:*:*:*:*:*:*", "matchCriteriaId": "B17D3A78-87DD-44CD-AB11-3E42AEB1A1D9", "vulnerable": false}, {"criteria": "cpe:2.3:h:google:pixel_xl:-:*:*:*:*:*:*:*", "matchCriteriaId": "1674845A-B3D0-43E2-98FC-06E29A3C6A77", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "matchCriteriaId": "9313451D-B78B-4FD5-B7B8-8D92DD4E44B9", "versionEndExcluding": "7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An Information Disclosure vulnerability exists in the Google Pixel/Pixel SL Qualcomm Avtimer Driver due to a NULL pointer dereference when processing an accept system call by the user process on AF_MSM_IPC sockets, which could let a local malicious user obtain sensitive information (Android Bug ID A-32551280)."}, {"lang": "es", "value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en el Google Pixel/Pixel SL Qualcomm Avtimer Driver debido a una desreferencia del puntero NULL al procesar una llamada de sistema de aceptaci\u00f3n para el proceso del usuario en los sockets AF_MSM_IPC, lo que podr\u00eda permitir a un usuario malicioso local obtener informaci\u00f3n confidencial (ID de Bug de Android A -32551280)."}], "id": "CVE-2016-5346", "lastModified": "2020-01-12T21:32:31.310", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-08T19:15:10.673", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/97371"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1038201"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/ele7enxxh/poc-exp/tree/master/CVE-2016-5346"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://source.android.com/security/bulletin/2017-04-01.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=6298a474322fb2182f795a622b2faa64abfd8474"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}