Candidate: CVE-2016-0811
PublicDate: 2016-02-07 01:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0811
 https://android.googlesource.com/platform%2Fframeworks%2Fav/+/22f824feac43d5758f9a70b77f2aca840ba62c3b
 http://source.android.com/security/bulletin/2016-02-01.html
Description:
 Integer overflow in the BnCrypto::onTransact function in
 media/libmedia/ICrypto.cpp in libmediaplayerservice in Android 6.x before
 2016-02-01 allows attackers to obtain sensitive information, and
 consequently bypass an unspecified protection mechanism, by triggering an
 improper size calculation, as demonstrated by obtaining Signature or
 SignatureOrSystem access, aka internal bug 25800375.
Ubuntu-Description:
Notes:
 sbeattie> not present in libhybris
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]

Patches_android:
upstream_android: needs-triage
precise_android: DNE
precise/esm_android: DNE
trusty_android: ignored
trusty/esm_android: DNE (trusty was ignored)
vivid/stable-phone-overlay_android: ignored (reached end-of-life)
vivid/ubuntu-core_android: DNE
wily_android: ignored
xenial_android: ignored
yakkety_android: ignored
zesty_android: ignored
devel_android: ignored