CVE-2016-5853 - OpenCVE

In an audio driver in all Qualcomm products with Android releases from CAF using the Linux kernel, when a sanity check encounters a length value not in the correct range, an error message is printed, but code execution continues in the same way as for a correct length value.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:H/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Android

Configuration 1 [-]

cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/98178
https://source.android.com/security/bulletin/2017-05-01
https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=a8f3b894de319718aecfc2ce9c691514696805be
https://www.codeaurora.org/detection-error-condition-without-proper-action-msmds2dapparamvisualizercontrolget-cve-2016-5853

History

No history.

MITRE

Status: PUBLISHED

Assigner: qualcomm

Published: 2017-08-16T15:00:00Z

Updated: 2024-09-16T18:38:18.773Z

Reserved: 2016-06-28T00:00:00

Link: CVE-2016-5853

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-08-16T15:29:00.220

Modified: 2017-09-29T01:34:48.343

Link: CVE-2016-5853

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "All Qualcomm products", "vendor": "Qualcomm, Inc.", "versions": [{"status": "affected", "version": "All Android releases from CAF using the Linux kernel"}]}], "datePublic": "2017-05-01T00:00:00", "descriptions": [{"lang": "en", "value": "In an audio driver in all Qualcomm products with Android releases from CAF using the Linux kernel, when a sanity check encounters a length value not in the correct range, an error message is printed, but code execution continues in the same way as for a correct length value."}], "problemTypes": [{"descriptions": [{"description": "Detection of Error Condition Without Action in Audio", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T16:57:01", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://source.android.com/security/bulletin/2017-05-01"}, {"name": "98178", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/98178"}, {"tags": ["x_refsource_MISC"], "url": "https://www.codeaurora.org/detection-error-condition-without-proper-action-msmds2dapparamvisualizercontrolget-cve-2016-5853"}, {"tags": ["x_refsource_MISC"], "url": "https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=a8f3b894de319718aecfc2ce9c691514696805be"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@qualcomm.com", "DATE_PUBLIC": "2017-05-01T00:00:00", "ID": "CVE-2016-5853", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "All Qualcomm products", "version": {"version_data": [{"version_value": "All Android releases from CAF using the Linux kernel"}]}}]}, "vendor_name": "Qualcomm, Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In an audio driver in all Qualcomm products with Android releases from CAF using the Linux kernel, when a sanity check encounters a length value not in the correct range, an error message is printed, but code execution continues in the same way as for a correct length value."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Detection of Error Condition Without Action in Audio"}]}]}, "references": {"reference_data": [{"name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01"}, {"name": "98178", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98178"}, {"name": "https://www.codeaurora.org/detection-error-condition-without-proper-action-msmds2dapparamvisualizercontrolget-cve-2016-5853", "refsource": "MISC", "url": "https://www.codeaurora.org/detection-error-condition-without-proper-action-msmds2dapparamvisualizercontrolget-cve-2016-5853"}, {"name": "https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=a8f3b894de319718aecfc2ce9c691514696805be", "refsource": "MISC", "url": "https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=a8f3b894de319718aecfc2ce9c691514696805be"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:15:10.231Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://source.android.com/security/bulletin/2017-05-01"}, {"name": "98178", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/98178"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.codeaurora.org/detection-error-condition-without-proper-action-msmds2dapparamvisualizercontrolget-cve-2016-5853"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=a8f3b894de319718aecfc2ce9c691514696805be"}]}]}, "cveMetadata": {"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2016-5853", "datePublished": "2017-08-16T15:00:00Z", "dateReserved": "2016-06-28T00:00:00", "dateUpdated": "2024-09-16T18:38:18.773Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "matchCriteriaId": "8255F035-04C8-4158-B301-82101711939C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In an audio driver in all Qualcomm products with Android releases from CAF using the Linux kernel, when a sanity check encounters a length value not in the correct range, an error message is printed, but code execution continues in the same way as for a correct length value."}, {"lang": "es", "value": "En un controlador de audio en todos los productos Qualcomm con distribuciones Android desde CAF empleando el kernel Linux, cuando una comprobaci\u00f3n de control de integridad encuentra un valor de un tama\u00f1o que no est\u00e1 en el rango correcto, se muestra un mensaje de error, pero la ejecuci\u00f3n del c\u00f3digo contin\u00faa como si fuese un valor de tama\u00f1o correcto."}], "id": "CVE-2016-5853", "lastModified": "2017-09-29T01:34:48.343", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-08-16T15:29:00.220", "references": [{"source": "product-security@qualcomm.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98178"}, {"source": "product-security@qualcomm.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://source.android.com/security/bulletin/2017-05-01"}, {"source": "product-security@qualcomm.com", "tags": ["Issue Tracking", "Third Party Advisory", "Patch"], "url": "https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=a8f3b894de319718aecfc2ce9c691514696805be"}, {"source": "product-security@qualcomm.com", "url": "https://www.codeaurora.org/detection-error-condition-without-proper-action-msmds2dapparamvisualizercontrolget-cve-2016-5853"}], "sourceIdentifier": "product-security@qualcomm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}