Candidate: CVE-2016-2419
PublicDate: 2016-04-18 00:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2419
 https://android.googlesource.com/platform/frameworks/av/+/5a856f2092f7086aa0fea9ae06b9255befcdcd34
 http://source.android.com/security/bulletin/2016-04-02.html
Description:
 media/libmedia/IDrm.cpp in mediaserver in Android 6.x before 2016-04-01
 does not initialize a certain key-request data structure, which allows
 attackers to obtain sensitive information from process memory, and
 consequently bypass an unspecified protection mechanism, via unspecified
 vectors, as demonstrated by obtaining Signature or SignatureOrSystem
 access, aka internal bug 26323455.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Peter Pi
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_android:
upstream_android: released (6.x 2016-04-01)
precise_android: DNE
precise/esm_android: DNE
trusty_android: ignored (abandoned)
trusty/esm_android: DNE (trusty was ignored [abandoned])
vivid/stable-phone-overlay_android: ignored (reached end-of-life)
vivid/ubuntu-core_android: DNE
wily_android: ignored (reached end-of-life)
xenial_android: ignored (abandoned)
yakkety_android: ignored (reached end-of-life)
zesty_android: ignored (reached end-of-life)
artful_android: DNE
bionic_android: DNE
devel_android: DNE