Candidate: CVE-2016-2418
PublicDate: 2016-04-18 00:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2418
 https://android.googlesource.com/platform/frameworks/av/+/8d87321b704cb3f88e8cae668937d001fd63d5e3
 http://source.android.com/security/bulletin/2016-04-02.html
Description:
 media/libmedia/IOMX.cpp in mediaserver in Android 6.x before 2016-04-01
 does not initialize certain metadata buffer pointers, which allows
 attackers to obtain sensitive information from process memory, and
 consequently bypass an unspecified protection mechanism, via unspecified
 vectors, as demonstrated by obtaining Signature or SignatureOrSystem
 access, aka internal bug 26324358.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Peter Pi
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_android:
upstream_android: released (6.x 2016-04-01)
precise_android: DNE
precise/esm_android: DNE
trusty_android: ignored (abandoned)
trusty/esm_android: DNE (trusty was ignored [abandoned])
vivid/stable-phone-overlay_android: ignored (reached end-of-life)
vivid/ubuntu-core_android: DNE
wily_android: ignored (reached end-of-life)
xenial_android: ignored (abandoned)
yakkety_android: ignored (reached end-of-life)
zesty_android: ignored (reached end-of-life)
artful_android: DNE
bionic_android: DNE
devel_android: DNE