Candidate: CVE-2016-3762
PublicDate: 2016-07-11 02:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3762
 http://source.android.com/security/bulletin/2016-07-01.html
Description:
 The sockets subsystem in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1,
 and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted
 application that uses (1) the AF_MSM_IPC socket class or (2) another socket
 class that is unrecognized by SELinux, aka internal bug 28612709.
Ubuntu-Description:
Notes:
Bugs:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_android:
 upstream: https://android.googlesource.com/platform/external/sepolicy/+/abf0663ed884af7bc880a05e9529e6671eb58f39
upstream_android: not-affected (SELinux policy not used)
precise_android: DNE
trusty_android: not-affected (SELinux policy not used)
trusty/esm_android: DNE (trusty was not-affected [SELinux policy not used])
vivid/stable-phone-overlay_android: not-affected (SELinux policy not used)
vivid/ubuntu-core_android: DNE
wily_android: not-affected (SELinux policy not used)
xenial_android: not-affected (SELinux policy not used)
devel_android: not-affected (SELinux policy not used)